Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1572021
MD5: 0f2fe11ad182a5dacccb11f8aec704d0
SHA1: 4a20e305c64c6817a1a4fb95157e1b4ffc4c8d4f
SHA256: 3c85a11120f1473f832bb6956f67b534a16205f9454abf2116237f0007cf9f89
Tags: exe, user-Bitsight

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: https://atten-supporse.biz/7E Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/gE Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/WE Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/GE1 Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/apiw3 Avira URL Cloud: Label: malware
Source: file.exe.2080.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["dwell-exclaim.biz", "zinc-sneark.biz", "atten-supporse.biz", "formy-spill.biz", "print-vexer.biz", "impend-differ.biz", "covery-mover.biz", "se-blurry.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}
Source: file.exe Virustotal: Detection: 48%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: impend-differ.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: print-vexer.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: dare-curbys.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: covery-mover.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: formy-spill.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: zinc-sneark.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: se-blurry.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: atten-supporse.biz
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.1692660005.00000000052D0000.00000004.00001000.00020000.00000000.sdmp String decryptor: LOGS11--LiveTraffic
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.80.1:443 -> 192.168.2.4:49730 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.4:49250 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49731 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.4:49730 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.80.1:443
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.80.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.80.1:443
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: unknown HTTP traffic detected: POST /api HTTP/1.1 Connection: Keep-Alive Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36 Content-Length: 8 Host: atten-supporse.biz
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/7E
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/GE1
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/WE
Source: file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/api
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apii
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apit
Source: file.exe, 00000000.00000002.1736490291.0000000001486000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735608820.0000000001485000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/apiw3
Source: file.exe, 00000000.00000003.1735592973.00000000014D7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736587563.00000000014DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz/gE
Source: file.exe, 00000000.00000003.1735492795.000000000146F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1736490291.000000000146F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://atten-supporse.biz:443/api
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C567FD 0_2_00C567FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C967F1 0_2_00C967F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5A7F8 0_2_00C5A7F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0E781 0_2_00C0E781
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE27F7 0_2_00BE27F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3E78C 0_2_00C3E78C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1E793 0_2_00C1E793
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDC7DE 0_2_00BDC7DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB47DF 0_2_00BB47DF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B967C9 0_2_00B967C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C367B0 0_2_00C367B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E7BE 0_2_00C8E7BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C18741 0_2_00C18741
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9874D 0_2_00C9874D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B48731 0_2_00B48731
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C78757 0_2_00C78757
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B50717 0_2_00B50717
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9870A 0_2_00B9870A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBA705 0_2_00BBA705
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCE77B 0_2_00BCE77B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC8754 0_2_00BC8754
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDA755 0_2_00BDA755
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2C73D 0_2_00C2C73D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C948CF 0_2_00C948CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA48B5 0_2_00BA48B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAA899 0_2_00BAA899
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C048E9 0_2_00C048E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4C8FF 0_2_00C4C8FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC28F7 0_2_00BC28F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCA8F1 0_2_00BCA8F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAC838 0_2_00BAC838
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6E844 0_2_00C6E844
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8A840 0_2_00C8A840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB6831 0_2_00BB6831
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9082D 0_2_00B9082D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8885F 0_2_00C8885F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C62866 0_2_00C62866
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C40866 0_2_00C40866
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEC81D 0_2_00BEC81D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCC80D 0_2_00BCC80D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C16800 0_2_00C16800
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4681A 0_2_00C4681A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE8826 0_2_00CE8826
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9C841 0_2_00B9C841
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE49BA 0_2_00BE49BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C209CE 0_2_00C209CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C349D1 0_2_00C349D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFA9A2 0_2_00BFA9A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C849D6 0_2_00C849D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B38990 0_2_00B38990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC498A 0_2_00BC498A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCC985 0_2_00BCC985
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C58980 0_2_00C58980
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C10988 0_2_00C10988
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4A9AA 0_2_00C4A9AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C389B0 0_2_00C389B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9A94E 0_2_00C9A94E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C90958 0_2_00C90958
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3C95C 0_2_00C3C95C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54972 0_2_00C54972
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE2977 0_2_00CE2977
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6A901 0_2_00C6A901
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB2972 0_2_00BB2972
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5297F 0_2_00B5297F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC0973 0_2_00BC0973
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6091C 0_2_00C6091C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAC964 0_2_00BAC964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0A921 0_2_00C0A921
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD095F 0_2_00BD095F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE6958 0_2_00BE6958
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E932 0_2_00C8E932
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB4944 0_2_00BB4944
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDEAB7 0_2_00BDEAB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C46ACF 0_2_00C46ACF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B98AB4 0_2_00B98AB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF0AAF 0_2_00BF0AAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C54AD4 0_2_00C54AD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCEA99 0_2_00BCEA99
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C00AF0 0_2_00C00AF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7EAF7 0_2_00C7EAF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBAA88 0_2_00BBAA88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C74A90 0_2_00C74A90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2AAA2 0_2_00C2AAA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5EAAF 0_2_00C5EAAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA8AD1 0_2_00BA8AD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6CAC0 0_2_00B6CAC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF4AC4 0_2_00BF4AC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD8A3D 0_2_00BD8A3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0CA47 0_2_00C0CA47
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C70A49 0_2_00C70A49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBEA29 0_2_00BBEA29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2EA56 0_2_00C2EA56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA6A2F 0_2_00BA6A2F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C26A55 0_2_00C26A55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C28A65 0_2_00C28A65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDAA01 0_2_00BDAA01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7AA7B 0_2_00C7AA7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF2A09 0_2_00CF2A09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C92A17 0_2_00C92A17
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6CA25 0_2_00C6CA25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B3CA54 0_2_00B3CA54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9EA23 0_2_00C9EA23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8CA39 0_2_00C8CA39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B44A40 0_2_00B44A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEAA46 0_2_00BEAA46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80A34 0_2_00C80A34
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86BCE 0_2_00C86BCE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C36BC4 0_2_00C36BC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B34BA0 0_2_00B34BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA2BAE 0_2_00BA2BAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCABA6 0_2_00BCABA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B94BA7 0_2_00B94BA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C62BE4 0_2_00C62BE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C42BEF 0_2_00C42BEF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C26BF3 0_2_00C26BF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE2BF3 0_2_00BE2BF3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C04B8D 0_2_00C04B8D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C56B8B 0_2_00C56B8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2EB93 0_2_00C2EB93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C24B9F 0_2_00C24B9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C48BA4 0_2_00C48BA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1CBAD 0_2_00C1CBAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE4BD3 0_2_00BE4BD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C94BBB 0_2_00C94BBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C40BBD 0_2_00C40BBD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C18BBB 0_2_00C18BBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9ABC7 0_2_00B9ABC7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF8B37 0_2_00BF8B37
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFCB27 0_2_00BFCB27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BECB0D 0_2_00BECB0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B46B7E 0_2_00B46B7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9EB74 0_2_00B9EB74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C76B2C 0_2_00C76B2C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD4B51 0_2_00BD4B51
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4CB5A 0_2_00B4CB5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB6B4B 0_2_00BB6B4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2CB33 0_2_00C2CB33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C08B3C 0_2_00C08B3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C14CC9 0_2_00C14CC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C32CC8 0_2_00C32CC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA6CF9 0_2_00BA6CF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C02C8A 0_2_00C02C8A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C16C8D 0_2_00C16C8D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B52CF8 0_2_00B52CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6CCE0 0_2_00B6CCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C80CAA 0_2_00C80CAA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0AC58 0_2_00C0AC58
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C50C5F 0_2_00C50C5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B48C1E 0_2_00B48C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC0C7C 0_2_00BC0C7C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAAC7B 0_2_00BAAC7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C72C16 0_2_00C72C16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8AC16 0_2_00C8AC16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA0C29 0_2_00CA0C29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9CC26 0_2_00C9CC26
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCEC4F 0_2_00BCEC4F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C82C3C 0_2_00C82C3C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C96C3D 0_2_00C96C3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B66C40 0_2_00B66C40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B64C4D 0_2_00B64C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C46DE7 0_2_00C46DE7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB2DFC 0_2_00BB2DFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDADE0 0_2_00BDADE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C62D55 0_2_00C62D55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8AD5C 0_2_00C8AD5C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6CD50 0_2_00C6CD50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD8D21 0_2_00BD8D21
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CCAD63 0_2_00CCAD63
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0ED6F 0_2_00C0ED6F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE4D0D 0_2_00BE4D0D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C66D72 0_2_00C66D72
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C44D7E 0_2_00C44D7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFAD03 0_2_00BFAD03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1CD7C 0_2_00C1CD7C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3CD07 0_2_00C3CD07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4AD01 0_2_00C4AD01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCAD77 0_2_00BCAD77
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6CD60 0_2_00B6CD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6ED1A 0_2_00C6ED1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B98D55 0_2_00B98D55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4CD28 0_2_00C4CD28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BACD54 0_2_00BACD54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB4D42 0_2_00BB4D42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF2D46 0_2_00BF2D46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFCD42 0_2_00BFCD42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC6EB7 0_2_00BC6EB7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B56EBE 0_2_00B56EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0CED2 0_2_00C0CED2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B32EA0 0_2_00B32EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C94ED1 0_2_00C94ED1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C34EDE 0_2_00C34EDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD4EA2 0_2_00BD4EA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B46E97 0_2_00B46E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2EEE5 0_2_00C2EEE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB6E84 0_2_00BB6E84
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF2EEF 0_2_00BF2EEF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C98E98 0_2_00C98E98
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B98EED 0_2_00B98EED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4AE9A 0_2_00C4AE9A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C20EA4 0_2_00C20EA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9CE3D 0_2_00B9CE3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C64E60 0_2_00C64E60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2AE68 0_2_00C2AE68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4AE00 0_2_00B4AE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6CE00 0_2_00B6CE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA6E7B 0_2_00BA6E7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5EE09 0_2_00C5EE09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C84E23 0_2_00C84E23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C70E33 0_2_00C70E33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1EFC0 0_2_00C1EFC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B48FAD 0_2_00B48FAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD6FA0 0_2_00BD6FA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C00FE4 0_2_00C00FE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9EFF4 0_2_00C9EFF4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B94FE8 0_2_00B94FE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C68F93 0_2_00C68F93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C86F9E 0_2_00C86F9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B40FD6 0_2_00B40FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C32F42 0_2_00C32F42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B4EF30 0_2_00B4EF30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B90F31 0_2_00B90F31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA2F31 0_2_00BA2F31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE8F28 0_2_00BE8F28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA4F27 0_2_00BA4F27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDEF15 0_2_00BDEF15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C74F6C 0_2_00C74F6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C60F69 0_2_00C60F69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2CF73 0_2_00C2CF73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CF0F75 0_2_00CF0F75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B44F08 0_2_00B44F08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C06F1A 0_2_00C06F1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C04F27 0_2_00C04F27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B58F5D 0_2_00B58F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C10F29 0_2_00C10F29
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C92F25 0_2_00C92F25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFEF43 0_2_00BFEF43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD0B3 0_2_00BDD0B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C410D2 0_2_00C410D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC10A7 0_2_00BC10A7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB10A5 0_2_00BB10A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C450ED 0_2_00C450ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C890E6 0_2_00C890E6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B5D085 0_2_00B5D085
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6B0F6 0_2_00C6B0F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEB08A 0_2_00BEB08A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C9D08E 0_2_00C9D08E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7D08E 0_2_00C7D08E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C05090 0_2_00C05090
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE50D4 0_2_00BE50D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5B0AA 0_2_00C5B0AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC30CA 0_2_00BC30CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5D0BF 0_2_00C5D0BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C090BF 0_2_00C090BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C65040 0_2_00C65040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB7031 0_2_00BB7031
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE3032 0_2_00BE3032
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9701D 0_2_00B9701D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3D06E 0_2_00C3D06E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAF078 0_2_00BAF078
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B39070 0_2_00B39070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C4301D 0_2_00C4301D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0B01C 0_2_00C0B01C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BAB067 0_2_00BAB067
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C57035 0_2_00C57035
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2703C 0_2_00C2703C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC91B0 0_2_00BC91B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C511D5 0_2_00C511D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C7B1D1 0_2_00C7B1D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C291D9 0_2_00C291D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C471E7 0_2_00C471E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B47190 0_2_00B47190
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA7195 0_2_00BA7195
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BEF1FC 0_2_00BEF1FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8D18A 0_2_00C8D18A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2F187 0_2_00C2F187
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C5F18F 0_2_00C5F18F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C991AD 0_2_00C991AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BE11D8 0_2_00BE11D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFF1D8 0_2_00BFF1D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BDD1CC 0_2_00BDD1CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C831BB 0_2_00C831BB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BCB1C2 0_2_00BCB1C2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C33155 0_2_00C33155
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0F100 0_2_00C0F100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6711E 0_2_00C6711E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9D163 0_2_00B9D163
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB9148 0_2_00BB9148
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C49132 0_2_00C49132
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C81131 0_2_00C81131
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C772C6 0_2_00C772C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B492BA 0_2_00B492BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3F2D4 0_2_00C3F2D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B9B29E 0_2_00B9B29E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF528D 0_2_00BF528D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B932F8 0_2_00B932F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D65293 0_2_00D65293
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB32F6 0_2_00BB32F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA52F4 0_2_00BA52F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0D295 0_2_00C0D295
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B592D0 0_2_00B592D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C792B7 0_2_00C792B7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3D248 0_2_00C3D248
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1524F 0_2_00C1524F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BBB229 0_2_00BBB229
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C1D25E 0_2_00C1D25E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA126B 0_2_00CA126B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C39274 0_2_00C39274
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB5203 0_2_00BB5203
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C3527C 0_2_00C3527C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C6321D 0_2_00C6321D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BA9242 0_2_00BA9242
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B38000 appears 55 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00B44A30 appears 76 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9975264922145328
Source: file.exe Static PE information: Section: yvenramj ZLIB complexity 0.9945109935946609
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B60A6C CoCreateInstance, 0_2_00B60A6C
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe Virustotal: Detection: 48%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: file.exe Static file information: File size 1832448 > 1048576
Source: file.exe Static PE information: Raw size of yvenramj is bigger than: 0x100000 < 0x197600

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.b30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;yvenramj:EW;vcuwzowy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;yvenramj:EW;vcuwzowy:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1c1fb3 should be: 0x1ce117
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: yvenramj
Source: file.exe Static PE information: section name: vcuwzowy
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.97558968085853
Source: file.exe Static PE information: section name: yvenramj entropy: 7.953649399394396

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3EEB2 second address: D3EEC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F0C10DA403Bh 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D40CEB second address: D40CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3EEC9 second address: D3EECD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D41CDB second address: D41CE0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D41CE0 second address: D41CE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42F46 second address: D42F69 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F0C10EAEB38h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007F0C10EAEB50h 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F0C10EAEB3Eh 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D42F69 second address: D42F6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D45B7C second address: D45BA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b and di, 47FDh 0x00000010 push 00000000h 0x00000012 js 00007F0C10EAEB39h 0x00000018 and bh, 00000060h 0x0000001b push 00000000h 0x0000001d movsx ebx, si 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 jp 00007F0C10EAEB36h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D45BA8 second address: D45BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D44E23 second address: D44E3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edi 0x0000000c jo 00007F0C10EAEB3Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D45CF1 second address: D45CF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D46CDF second address: D46CE5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F4E2 second address: D4F503 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F0C10DA4046h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F503 second address: D4F51B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F0C10EAEB42h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F51B second address: D4F55B instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F0C10DA4048h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 jmp 00007F0C10DA4042h 0x00000019 jng 00007F0C10DA4036h 0x0000001f pop esi 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F55B second address: D4F567 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F0C10EAEB36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F7EB second address: D4F7EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F7EF second address: D4F80E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0C10EAEB49h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F80E second address: D4F816 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F816 second address: D4F81A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F81A second address: D4F820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D4F820 second address: D4F848 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F0C10EAEB3Ah 0x0000000c pushad 0x0000000d popad 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007F0C10EAEB41h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D54E72 second address: D54E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D54E76 second address: D54EAD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push ecx 0x00000009 jg 00007F0C10EAEB3Ch 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push edi 0x00000015 jmp 00007F0C10EAEB3Fh 0x0000001a pop edi 0x0000001b mov eax, dword ptr [eax] 0x0000001d jng 00007F0C10EAEB4Fh 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59C83 second address: D59C99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0C10DA4041h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59097 second address: D590B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F0C10EAEB43h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D594FE second address: D59508 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5966E second address: D59672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59672 second address: D5967B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5967B second address: D59680 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59680 second address: D5968D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10DA4038h 0x00000008 push ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59983 second address: D59987 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59987 second address: D5998B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5998B second address: D599AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a js 00007F0C10EAEB38h 0x00000010 push eax 0x00000011 pop eax 0x00000012 jmp 00007F0C10EAEB3Fh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59B17 second address: D59B1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59B1D second address: D59B2F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F0C10EAEB5Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D59B2F second address: D59B33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D361D4 second address: D361FD instructions: 0x00000000 rdtsc 0x00000002 jng 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F0C10EAEB4Bh 0x00000014 jmp 00007F0C10EAEB45h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D361FD second address: D36203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36203 second address: D36207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36207 second address: B8890F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov ecx, dword ptr [ebp+1246C866h] 0x0000000f push dword ptr [ebp+122D0C71h] 0x00000015 call dword ptr [ebp+122D3013h] 0x0000001b pushad 0x0000001c jmp 00007F0C10DA4043h 0x00000021 xor eax, eax 0x00000023 jng 00007F0C10DA4037h 0x00000029 mov edx, dword ptr [esp+28h] 0x0000002d or dword ptr [ebp+122D2630h], edx 0x00000033 cmc 0x00000034 mov dword ptr [ebp+122D34DEh], eax 0x0000003a pushad 0x0000003b mov dword ptr [ebp+122D2630h], ebx 0x00000041 popad 0x00000042 mov esi, 0000003Ch 0x00000047 pushad 0x00000048 mov ax, cx 0x0000004b popad 0x0000004c add esi, dword ptr [esp+24h] 0x00000050 jmp 00007F0C10DA403Fh 0x00000055 lodsw 0x00000057 sub dword ptr [ebp+122D2630h], ecx 0x0000005d add eax, dword ptr [esp+24h] 0x00000061 mov dword ptr [ebp+122D2630h], esi 0x00000067 mov ebx, dword ptr [esp+24h] 0x0000006b jmp 00007F0C10DA4042h 0x00000070 push eax 0x00000071 pushad 0x00000072 jmp 00007F0C10DA403Dh 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D362B9 second address: D362BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36522 second address: D36529 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3674D second address: D367B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007F0C10EAEB38h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 mov edi, dword ptr [ebp+122D2F4Fh] 0x0000002a cld 0x0000002b push 00000004h 0x0000002d push 00000000h 0x0000002f push ecx 0x00000030 call 00007F0C10EAEB38h 0x00000035 pop ecx 0x00000036 mov dword ptr [esp+04h], ecx 0x0000003a add dword ptr [esp+04h], 0000001Ah 0x00000042 inc ecx 0x00000043 push ecx 0x00000044 ret 0x00000045 pop ecx 0x00000046 ret 0x00000047 push edi 0x00000048 mov edx, dword ptr [ebp+122D193Fh] 0x0000004e pop edx 0x0000004f nop 0x00000050 jc 00007F0C10EAEB48h 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D367B2 second address: D367B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D367B6 second address: D367D1 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jng 00007F0C10EAEB3Ch 0x00000012 jg 00007F0C10EAEB36h 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D331C1 second address: D331C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36DEA second address: D36E1D instructions: 0x00000000 rdtsc 0x00000002 je 00007F0C10EAEB36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jbe 00007F0C10EAEB4Ah 0x00000014 jmp 00007F0C10EAEB44h 0x00000019 mov eax, dword ptr [eax] 0x0000001b push ebx 0x0000001c push eax 0x0000001d push edx 0x0000001e jg 00007F0C10EAEB36h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D36EEB second address: D15AD2 instructions: 0x00000000 rdtsc 0x00000002 je 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov edi, dword ptr [ebp+122D2764h] 0x00000011 lea eax, dword ptr [ebp+12480A20h] 0x00000017 jno 00007F0C10DA403Ch 0x0000001d push eax 0x0000001e jmp 00007F0C10DA4044h 0x00000023 mov dword ptr [esp], eax 0x00000026 mov edi, dword ptr [ebp+122D1E0Dh] 0x0000002c lea eax, dword ptr [ebp+124809DCh] 0x00000032 push eax 0x00000033 jnc 00007F0C10DA404Dh 0x00000039 mov dword ptr [esp], eax 0x0000003c push 00000000h 0x0000003e push ecx 0x0000003f call 00007F0C10DA4038h 0x00000044 pop ecx 0x00000045 mov dword ptr [esp+04h], ecx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc ecx 0x00000052 push ecx 0x00000053 ret 0x00000054 pop ecx 0x00000055 ret 0x00000056 call dword ptr [ebp+1244606Fh] 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push eax 0x00000060 push edx 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D15AD2 second address: D15AEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F0C10EAEB48h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D15AEF second address: D15AF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D15AF5 second address: D15B13 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jne 00007F0C10EAEB36h 0x00000010 jmp 00007F0C10EAEB3Eh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D324 second address: D5D328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D328 second address: D5D339 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D339 second address: D5D355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F0C10DA4046h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D355 second address: D5D35E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D4C3 second address: D5D4D2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0C10DA403Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D4D2 second address: D5D526 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F0C10EAEB36h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F0C10EAEB49h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 jmp 00007F0C10EAEB41h 0x0000001a jg 00007F0C10EAEB3Ch 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F0C10EAEB3Ch 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D526 second address: D5D52A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D821 second address: D5D82A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D82A second address: D5D836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F0C10DA4036h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D999 second address: D5D9A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5D9A0 second address: D5D9AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F0C10DA4036h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5DAE8 second address: D5DAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64B5F second address: D64B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F0C10DA4046h 0x00000011 jng 00007F0C10DA4036h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64B87 second address: D64BA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a pushad 0x0000000b popad 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF0A6B second address: CF0A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF0A71 second address: CF0A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63413 second address: D6341A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6341A second address: D63446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F0C10EAEB36h 0x0000000a jmp 00007F0C10EAEB49h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F0C10EAEB36h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D636F9 second address: D6370C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F0C10DA403Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63B68 second address: D63B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jns 00007F0C10EAEB36h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63D0A second address: D63D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F0C10DA4042h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63D21 second address: D63D26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63D26 second address: D63D5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F0C10DA403Fh 0x0000000b popad 0x0000000c jng 00007F0C10DA403Ch 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push edx 0x00000015 jne 00007F0C10DA4038h 0x0000001b push eax 0x0000001c push edx 0x0000001d jng 00007F0C10DA4036h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63D5B second address: D63D5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D63EB1 second address: D63ED0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F0C10DA4040h 0x00000008 jne 00007F0C10DA4036h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64035 second address: D6407C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F0C10EAEB36h 0x00000008 jno 00007F0C10EAEB36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jno 00007F0C10EAEB46h 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 jng 00007F0C10EAEB36h 0x0000001f pushad 0x00000020 popad 0x00000021 pushad 0x00000022 popad 0x00000023 popad 0x00000024 push edx 0x00000025 jmp 00007F0C10EAEB40h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64316 second address: D64327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007F0C10DA4036h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64327 second address: D6432B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D6432B second address: D64331 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D64331 second address: D64336 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB78EC second address: DB78F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBE511 second address: DBE525 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10DA4040h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBE525 second address: DBE52E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCDD1D second address: DCDD21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2F63 second address: DD2F80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0C10EAEB42h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2F80 second address: DD2F90 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F0C10DA4036h 0x00000008 jnc 00007F0C10DA4036h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2F90 second address: DD2FB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F0C10EAEB3Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2FB5 second address: DD2FBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2FBD second address: DD2FC7 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0C10EAEB36h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD2FC7 second address: DD2FE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F0C10DA403Dh 0x0000000d jnl 00007F0C10DA4036h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD3117 second address: DD311B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD311B second address: DD3121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD3121 second address: DD3127 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD3127 second address: DD312D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD312D second address: DD3131 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD3131 second address: DD3135 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD3135 second address: DD3144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD33C7 second address: DD33CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CE68FA second address: CE68FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9898 second address: DD989E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD942D second address: DD9433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9433 second address: DD9438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9438 second address: DD9446 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007F0C10EAEB36h 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9446 second address: DD944C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD9594 second address: DD959E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F0C10EAEB36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD959E second address: DD95A8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F0C10DA4036h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DD95A8 second address: DD95B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE7F12 second address: DE7F1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE7F1A second address: DE7F37 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB3Dh 0x00000007 jmp 00007F0C10EAEB3Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE978E second address: DE9798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F0C10DA4036h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE9798 second address: DE979E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE979E second address: DE97B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F0C10DA4043h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE9605 second address: DE9610 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F0C10EAEB36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE32E1 second address: DE32E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE32E5 second address: DE3301 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE3301 second address: DE3307 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE3307 second address: DE3310 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE3310 second address: DE3318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE3318 second address: DE3338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F0C10EAEB47h 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE3338 second address: DE333C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DE333C second address: DE3342 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DF6533 second address: DF653F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F0C10DA4036h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0BF4A second address: E0BF51 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0BF51 second address: E0BF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jne 00007F0C10DA4036h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B2C6 second address: E0B2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F0C10EAEB3Ah 0x0000000b jnl 00007F0C10EAEB36h 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B2DF second address: E0B307 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10DA4048h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F0C10DA403Ah 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B640 second address: E0B64A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F0C10EAEB3Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0B94F second address: E0B953 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0BAE3 second address: E0BAE7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0E91D second address: E0E923 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0EA06 second address: E0EA0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0EC71 second address: E0EC85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F0C10DA4040h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0EC85 second address: E0ECCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F0C10EAEB3Bh 0x0000000f push edx 0x00000010 jmp 00007F0C10EAEB40h 0x00000015 pop edx 0x00000016 popad 0x00000017 nop 0x00000018 mov dx, bx 0x0000001b push 00000004h 0x0000001d mov edx, esi 0x0000001f jmp 00007F0C10EAEB3Ch 0x00000024 push E83CF0D0h 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E0ECCB second address: E0ECCF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30D6A second address: D30D6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30D6E second address: D30D74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30D74 second address: D30D78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30F97 second address: D30F9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30F9B second address: D30FB3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F0C10EAEB44h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B8896F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: B888B0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D25B55 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D24E69 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D35DC1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: DA9E9F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B888F0 rdtsc 0_2_00B888F0
Source: C:\Users\user\Desktop\file.exe TID: 2516 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2476 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1736443123.000000000142E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@sI
Source: file.exe, 00000000.00000002.1736490291.0000000001486000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735608820.0000000001485000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1735492795.0000000001483000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B888F0 rdtsc 0_2_00B888F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B6B480 LdrInitializeThunk, 0_2_00B6B480
Source: file.exe, 00000000.00000002.1736037082.0000000000D06000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: ~Program Manager
Source: file.exe Binary or memory string: W~Program Manager
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR