Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1572085
MD5: 73f9c0001107eb1b3aab6549c6574f7f
SHA1: 92f5d81090d2cb7ff8be9764e7b69dca16ba44da
SHA256: d1f439cd24726a4ed6001304ea33e413856a7242292f750088e66696bb5aecaa
Tags: exe, user-Bitsight

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found many strings related to Crypto-Wallets (likely being stolen)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Crypto Currency Wallets
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Searches for user specific document files
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

AV Detection

Source: file.exe Avira: detected
Source: https://atten-supporse.biz/p Avira URL Cloud: Label: malware
Source: https://atten-supporse.biz/&& Avira URL Cloud: Label: malware
Source: file.exe.4208.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["covery-mover.biz", "dwell-exclaim.biz", "zinc-sneark.biz", "formy-spill.biz", "impend-differ.biz", "se-blurry.biz", "atten-supporse.biz", "print-vexer.biz", "dare-curbys.biz"], "Build id": "LOGS11--LiveTraffic"}
Source: file.exe Virustotal: Detection: 50%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: impend-differ.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: print-vexer.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: dare-curbys.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: covery-mover.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: formy-spill.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: dwell-exclaim.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: zinc-sneark.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: se-blurry.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: atten-supporse.biz
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: Workgroup: -
Source: 00000000.00000003.2038007042.0000000005410000.00000004.00001000.00020000.00000000.sdmp String decryptor: LOGS11--LiveTraffic
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6B7E CryptUnprotectData, 0_2_00ED6B7E
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49705 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49706 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49709 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.5:49712 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2057921 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (atten-supporse .biz) : 192.168.2.5:59033 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49708 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49712 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49707 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49706 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49722 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2057922 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (atten-supporse .biz in TLS SNI) : 192.168.2.5:49709 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.5:49709 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2843864 - Severity 1 - ETPRO MALWARE Suspicious Zipped Filename in Outbound POST Request (screen.) M2 : 192.168.2.5:49712 -> 104.21.64.1:443
Source: Malware configuration extractor URLs: covery-mover.biz
Source: Malware configuration extractor URLs: dwell-exclaim.biz
Source: Malware configuration extractor URLs: zinc-sneark.biz
Source: Malware configuration extractor URLs: formy-spill.biz
Source: Malware configuration extractor URLs: impend-differ.biz
Source: Malware configuration extractor URLs: se-blurry.biz
Source: Malware configuration extractor URLs: atten-supporse.biz
Source: Malware configuration extractor URLs: print-vexer.biz
Source: Malware configuration extractor URLs: dare-curbys.biz
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49708 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49712 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49707 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49706 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49722 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 104.21.64.1:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49709 -> 104.21.64.1:443
Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 53
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=P5UVSGGA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 12781
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=42NE97KCA7D9W9VP
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 15071
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=2782DAON
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 20513
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=2OCJPJZOUOH8LKT56A
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 1250
Host: atten-supporse.biz

Source: global traffic HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: multipart/form-data; boundary=ESTOMURCU456190DQ8
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 584637
Host: atten-supporse.biz
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: atten-supporse.biz
Source: unknown HTTP traffic detected:
POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: atten-supporse.biz

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE6170 0_2_00EE6170
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECE2A9 0_2_00ECE2A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEC6D7 0_2_00EEC6D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFE690 0_2_00EFE690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC87F0 0_2_00EC87F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECA960 0_2_00ECA960
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6B7E 0_2_00ED6B7E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF6C40 0_2_00EF6C40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED0FD6 0_2_00ED0FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF6F90 0_2_00EF6F90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE33A0 0_2_00EE33A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE15F0 0_2_00EE15F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC97B0 0_2_00EC97B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF9B90 0_2_00EF9B90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFDCF0 0_2_00EFDCF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEBFDA 0_2_00EEBFDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEBFD3 0_2_00EEBFD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F640FC 0_2_00F640FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F840EF 0_2_00F840EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103A121 0_2_0103A121
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01046127 0_2_01046127
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA20D1 0_2_00FA20D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101C12F 0_2_0101C12F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F260C1 0_2_00F260C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF80D9 0_2_00EF80D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100813D 0_2_0100813D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDC0BD 0_2_00FDC0BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD40B4 0_2_00FD40B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA40A9 0_2_00FA40A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000158 0_2_01000158
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE80B0 0_2_00EE80B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 0_2_00FE40A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7609F 0_2_00F7609F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB8091 0_2_00FB8091
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCC08D 0_2_00FCC08D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECE06A 0_2_00ECE06A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDE074 0_2_00FDE074
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE5F7D 0_2_00EE5F7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8A068 0_2_00F8A068
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAA069 0_2_00FAA069
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01004197 0_2_01004197
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 0_2_0102C1B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2204D 0_2_00F2204D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010801C9 0_2_010801C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105A1C6 0_2_0105A1C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8603D 0_2_00F8603D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101E1C4 0_2_0101E1C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2C03E 0_2_00F2C03E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7C03B 0_2_00F7C03B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3403E 0_2_00F3403E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4E021 0_2_00F4E021
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3802E 0_2_00F3802E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFA030 0_2_00EFA030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010101DE 0_2_010101DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8C01B 0_2_00F8C01B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F68013 0_2_00F68013
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9001C 0_2_00F9001C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9400E 0_2_00F9400E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9E000 0_2_00F9E000
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD61F8 0_2_00FD61F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2C1E5 0_2_00F2C1E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC81F0 0_2_00EC81F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101002E 0_2_0101002E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC81C5 0_2_00FC81C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104C03D 0_2_0104C03D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF01D0 0_2_00EF01D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F941BC 0_2_00F941BC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE61AD 0_2_00FE61AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01020060 0_2_01020060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01042071 0_2_01042071
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01052070 0_2_01052070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5C146 0_2_00F5C146
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3E127 0_2_00F3E127
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010140E3 0_2_010140E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF0119 0_2_00FF0119
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEA100 0_2_00EEA100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9C101 0_2_00F9C101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010240F9 0_2_010240F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7410B 0_2_00F7410B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102A0FE 0_2_0102A0FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103C308 0_2_0103C308
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA82EB 0_2_00FA82EB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA42E0 0_2_00FA42E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE02E0 0_2_00FE02E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103A321 0_2_0103A321
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4C2DD 0_2_00F4C2DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104C32F 0_2_0104C32F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFE2C0 0_2_00EFE2C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01022330 0_2_01022330
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE82CD 0_2_00FE82CD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE22C8 0_2_00FE22C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104E33C 0_2_0104E33C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01014341 0_2_01014341
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01026340 0_2_01026340
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDA2A2 0_2_00FDA2A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3829C 0_2_00F3829C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101637C 0_2_0101637C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F86268 0_2_00F86268
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC4270 0_2_00EC4270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2270 0_2_00EE2270
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010463B4 0_2_010463B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7A241 0_2_00F7A241
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9A24E 0_2_00F9A24E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFC243 0_2_00FFC243
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC4242 0_2_00FC4242
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010103C1 0_2_010103C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC0236 0_2_00FC0236
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB422B 0_2_00FB422B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2E22E 0_2_00F2E22E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F46214 0_2_00F46214
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC6200 0_2_00EC6200
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010003F2 0_2_010003F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9E3F3 0_2_00F9E3F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108E207 0_2_0108E207
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF23E2 0_2_00FF23E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFA3F0 0_2_00EFA3F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F363D2 0_2_00F363D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102E221 0_2_0102E221
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDE3CC 0_2_00FDE3CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F443C6 0_2_00F443C6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F583CC 0_2_00F583CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100223A 0_2_0100223A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F523B1 0_2_00F523B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F543B1 0_2_00F543B1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103E244 0_2_0103E244
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105424A 0_2_0105424A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010AA25D 0_2_010AA25D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F683AF 0_2_00F683AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01012264 0_2_01012264
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBE392 0_2_00FBE392
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2A382 0_2_00F2A382
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDC360 0_2_00EDC360
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4036E 0_2_00F4036E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105C29F 0_2_0105C29F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010182A2 0_2_010182A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFA354 0_2_00FFA354
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD034D 0_2_00FD034D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF6345 0_2_00FF6345
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE44FF 0_2_00FE44FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F904F0 0_2_00F904F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F264FD 0_2_00F264FD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD24E4 0_2_00FD24E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01044525 0_2_01044525
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F784D1 0_2_00F784D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F864D3 0_2_00F864D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F564C0 0_2_00F564C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103E535 0_2_0103E535
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100C54C 0_2_0100C54C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F504BA 0_2_00F504BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01038559 0_2_01038559
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6E491 0_2_00F6E491
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F88495 0_2_00F88495
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F38481 0_2_00F38481
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6447C 0_2_00F6447C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036593 0_2_01036593
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8446B 0_2_00F8446B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101C5A1 0_2_0101C5A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105A5A1 0_2_0105A5A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104A5AE 0_2_0104A5AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F32445 0_2_00F32445
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA4438 0_2_00FA4438
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4A438 0_2_00F4A438
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7643B 0_2_00F7643B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F42425 0_2_00F42425
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF6430 0_2_00EF6430
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA641E 0_2_00FA641E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F66411 0_2_00F66411
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5E41F 0_2_00F5E41F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8A414 0_2_00F8A414
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7E402 0_2_00F7E402
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDC401 0_2_00FDC401
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F225F4 0_2_00F225F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB45EE 0_2_00FB45EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAE5E0 0_2_00FAE5E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8E5D7 0_2_00F8E5D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F305A6 0_2_00F305A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA25A1 0_2_00FA25A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101A45F 0_2_0101A45F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB0595 0_2_00FB0595
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEC58F 0_2_00FEC58F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F62588 0_2_00F62588
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8581 0_2_00FE8581
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCE574 0_2_00FCE574
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE256E 0_2_00FE256E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01006491 0_2_01006491
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBC568 0_2_00FBC568
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC8564 0_2_00FC8564
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6571 0_2_00ED6571
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC6560 0_2_00FC6560
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010324B8 0_2_010324B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD4520 0_2_00FD4520
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F70513 0_2_00F70513
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9651F 0_2_00F9651F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010484E9 0_2_010484E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE66E7 0_2_00EE66E7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFA6F1 0_2_00FFA6F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01010723 0_2_01010723
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5E6D3 0_2_00F5E6D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01012734 0_2_01012734
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC26BF 0_2_00FC26BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104C768 0_2_0104C768
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC6690 0_2_00EC6690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF6690 0_2_00EF6690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4C671 0_2_00F4C671
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01050788 0_2_01050788
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7266E 0_2_00F7266E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED2670 0_2_00ED2670
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5A66A 0_2_00F5A66A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010587A0 0_2_010587A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3C65B 0_2_00F3C65B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF0656 0_2_00FF0656
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC464E 0_2_00FC464E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010047B3 0_2_010047B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3A64B 0_2_00F3A64B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F82640 0_2_00F82640
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6C636 0_2_00F6C636
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFC63A 0_2_00FFC63A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010067CA 0_2_010067CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE662C 0_2_00FE662C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7C622 0_2_00F7C622
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA8618 0_2_00FA8618
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010207F3 0_2_010207F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4660D 0_2_00F4660D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAA7FE 0_2_00FAA7FE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F767F1 0_2_00F767F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4E7F8 0_2_00F4E7F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F987F5 0_2_00F987F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA87ED 0_2_00FA87ED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9E7DB 0_2_00F9E7DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01030621 0_2_01030621
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8C7CB 0_2_00F8C7CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7E7C9 0_2_00F7E7C9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F887C7 0_2_00F887C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED67A5 0_2_00ED67A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDA7B6 0_2_00FDA7B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC67B0 0_2_00FC67B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01024654 0_2_01024654
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE479F 0_2_00FE479F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01018666 0_2_01018666
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F78774 0_2_00F78774
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD676C 0_2_00FD676C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01052699 0_2_01052699
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF2761 0_2_00FF2761
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE075C 0_2_00FE075C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010406AF 0_2_010406AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB8755 0_2_00FB8755
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F94742 0_2_00F94742
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F58730 0_2_00F58730
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010886DA 0_2_010886DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED8731 0_2_00ED8731
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010266E1 0_2_010266E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010026EE 0_2_010026EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEE706 0_2_00FEE706
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE0717 0_2_00EE0717
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F828F2 0_2_00F828F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB68F1 0_2_00FB68F1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3C8FF 0_2_00F3C8FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF68EF 0_2_00FF68EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6E8E2 0_2_00F6E8E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC88E8 0_2_00FC88E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDC8E8 0_2_00FDC8E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F868D4 0_2_00F868D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104A937 0_2_0104A937
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB48C1 0_2_00FB48C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101C94B 0_2_0101C94B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F748B8 0_2_00F748B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01042957 0_2_01042957
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101E955 0_2_0101E955
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100A965 0_2_0100A965
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01028968 0_2_01028968
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103E96C 0_2_0103E96C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F42885 0_2_00F42885
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F36881 0_2_00F36881
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2888A 0_2_00F2888A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4488D 0_2_00F4488D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4A87B 0_2_00F4A87B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F20862 0_2_00F20862
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F34864 0_2_00F34864
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F80860 0_2_00F80860
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD0867 0_2_00FD0867
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F92867 0_2_00F92867
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA685C 0_2_00FA685C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5C83E 0_2_00F5C83E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F50824 0_2_00F50824
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F24810 0_2_00F24810
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBA80B 0_2_00FBA80B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF89FC 0_2_00FF89FC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2E9D1 0_2_00F2E9D1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01054822 0_2_01054822
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCE9D4 0_2_00FCE9D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F629BE 0_2_00F629BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102284A 0_2_0102284A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDE9B2 0_2_00FDE9B2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F909A1 0_2_00F909A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F929A6 0_2_00F929A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB099F 0_2_00FB099F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC8990 0_2_00EC8990
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2698F 0_2_00F2698F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F68988 0_2_00F68988
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F96979 0_2_00F96979
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA2974 0_2_00FA2974
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE297F 0_2_00EE297F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C897 0_2_0102C897
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9E964 0_2_00F9E964
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA495B 0_2_00FA495B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FAE95F 0_2_00FAE95F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010488A1 0_2_010488A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF494C 0_2_00FF494C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD293D 0_2_00FD293D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010148D3 0_2_010148D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103A8DA 0_2_0103A8DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBC91A 0_2_00FBC91A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD8918 0_2_00FD8918
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2A91F 0_2_00F2A91F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F84905 0_2_00F84905
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFCAC0 0_2_00EFCAC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01050B32 0_2_01050B32
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA0AC1 0_2_00FA0AC1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFEABB 0_2_00FFEABB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FEAA91 0_2_00FEAA91
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFAA8F 0_2_00FFAA8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFCA8F 0_2_00FFCA8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107CB85 0_2_0107CB85
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF0A6A 0_2_00FF0A6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01026B94 0_2_01026B94
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01018BA0 0_2_01018BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F66A55 0_2_00F66A55
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01024BAE 0_2_01024BAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED4A40 0_2_00ED4A40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7CA41 0_2_00F7CA41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F58A42 0_2_00F58A42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ECCA54 0_2_00ECCA54
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC8A45 0_2_00FC8A45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F86A43 0_2_00F86A43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01028BC8 0_2_01028BC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104EBCB 0_2_0104EBCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F74A22 0_2_00F74A22
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01012BDD 0_2_01012BDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8A1E 0_2_00FE8A1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F76A1D 0_2_00F76A1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9CA13 0_2_00F9CA13
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01006BF0 0_2_01006BF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01086BF6 0_2_01086BF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9AA07 0_2_00F9AA07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F42BF5 0_2_00F42BF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6CBE6 0_2_00F6CBE6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F24BE0 0_2_00F24BE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01038A1E 0_2_01038A1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F80BDD 0_2_00F80BDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F5EBDF 0_2_00F5EBDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7EBCF 0_2_00F7EBCF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7ABCB 0_2_00F7ABCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036A4B 0_2_01036A4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC4BA0 0_2_00EC4BA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01018A4F 0_2_01018A4F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC6B9C 0_2_00FC6B9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102EA65 0_2_0102EA65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01046A7A 0_2_01046A7A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F46B7F 0_2_00F46B7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDCB5A 0_2_00EDCB5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC0B41 0_2_00FC0B41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCAB41 0_2_00FCAB41
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F54B25 0_2_00F54B25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F64B25 0_2_00F64B25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100EAD4 0_2_0100EAD4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F18B18 0_2_00F18B18
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE0B15 0_2_00FE0B15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD6B11 0_2_00FD6B11
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103CAF7 0_2_0103CAF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F40B0C 0_2_00F40B0C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBECFE 0_2_00FBECFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F82CFF 0_2_00F82CFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB0CF6 0_2_00FB0CF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFCCE0 0_2_00EFCCE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2CF8 0_2_00EE2CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9ECEF 0_2_00F9ECEF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA6CE0 0_2_00FA6CE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101ED1B 0_2_0101ED1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FACCDC 0_2_00FACCDC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F62CD8 0_2_00F62CD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F48CC0 0_2_00F48CC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103ED43 0_2_0103ED43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCACBF 0_2_00FCACBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01042D49 0_2_01042D49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101CD66 0_2_0101CD66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC2C90 0_2_00FC2C90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F20C83 0_2_00F20C83
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F84C8C 0_2_00F84C8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE0C8B 0_2_00FE0C8B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0100AD75 0_2_0100AD75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103CD79 0_2_0103CD79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4EC75 0_2_00F4EC75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2AC70 0_2_00F2AC70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2CC78 0_2_00F2CC78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01036D8C 0_2_01036D8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB8C6A 0_2_00FB8C6A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F36C66 0_2_00F36C66
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01038DA2 0_2_01038DA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF4C4D 0_2_00EF4C4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFCC53 0_2_00FFCC53
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01034DAF 0_2_01034DAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB6C4E 0_2_00FB6C4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF2C46 0_2_00FF2C46
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F44C36 0_2_00F44C36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F50C33 0_2_00F50C33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBAC30 0_2_00FBAC30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F38C23 0_2_00F38C23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01030DDE 0_2_01030DDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F30C14 0_2_00F30C14
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F56C1E 0_2_00F56C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED8C1E 0_2_00ED8C1E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6EC03 0_2_00F6EC03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F94C0C 0_2_00F94C0C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDEDF5 0_2_00FDEDF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9CDD7 0_2_00F9CDD7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB4DCB 0_2_00FB4DCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE6DCA 0_2_00FE6DCA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF4DC5 0_2_00FF4DC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F60DB4 0_2_00F60DB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01016C42 0_2_01016C42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF8DA4 0_2_00FF8DA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE4DA0 0_2_00FE4DA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4CD96 0_2_00F4CD96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F26D9B 0_2_00F26D9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD8D83 0_2_00FD8D83
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFCD60 0_2_00EFCD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE4D70 0_2_00EE4D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6ED4C 0_2_00F6ED4C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9AD3D 0_2_00F9AD3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA8D2D 0_2_00FA8D2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101ACE1 0_2_0101ACE1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FA0D19 0_2_00FA0D19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0105ACE3 0_2_0105ACE3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE2D16 0_2_00FE2D16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01022CF7 0_2_01022CF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F98D05 0_2_00F98D05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01032CFE 0_2_01032CFE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107EF02 0_2_0107EF02
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE8EF8 0_2_00FE8EF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F74EFD 0_2_00F74EFD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F90EC1 0_2_00F90EC1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FDAEC7 0_2_00FDAEC7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EC2EA0 0_2_00EC2EA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE6EBE 0_2_00EE6EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF2EAE 0_2_00FF2EAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F96EAE 0_2_00F96EAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F80EA5 0_2_00F80EA5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFEE91 0_2_00FFEE91
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F88E8C 0_2_00F88E8C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED6E97 0_2_00ED6E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8AE5A 0_2_00F8AE5A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F86E56 0_2_00F86E56
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01056FAB 0_2_01056FAB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F82E4A 0_2_00F82E4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01010FB4 0_2_01010FB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCCE44 0_2_00FCCE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F8CE44 0_2_00F8CE44
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD6E3A 0_2_00FD6E3A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3CE2F 0_2_00F3CE2F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC0E20 0_2_00FC0E20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01044FDB 0_2_01044FDB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F72E1D 0_2_00F72E1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDAE00 0_2_00EDAE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFCE00 0_2_00EFCE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0107AFF1 0_2_0107AFF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FD4FF2 0_2_00FD4FF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0108AE12 0_2_0108AE12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFCFE5 0_2_00FFCFE5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC6FE2 0_2_00FC6FE2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0101AE2E 0_2_0101AE2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F98FCD 0_2_00F98FCD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED8FAD 0_2_00ED8FAD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FCEFA8 0_2_00FCEFA8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FFAF82 0_2_00FFAF82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F76F74 0_2_00F76F74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F2EF60 0_2_00F2EF60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FC4F68 0_2_00FC4F68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FB2F6D 0_2_00FB2F6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01050EA2 0_2_01050EA2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F22F58 0_2_00F22F58
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE8F5D 0_2_00EE8F5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF6F4A 0_2_00FF6F4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE6F47 0_2_00FE6F47
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F40F4B 0_2_00F40F4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F6AF31 0_2_00F6AF31
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102CEDA 0_2_0102CEDA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FF0F23 0_2_00FF0F23
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EDEF30 0_2_00EDEF30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FBCF24 0_2_00FBCF24
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ED4F08 0_2_00ED4F08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102EEE4 0_2_0102EEE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0103CEE4 0_2_0103CEE4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3AF1C 0_2_00F3AF1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F7CF00 0_2_00F7CF00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F450F3 0_2_00F450F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F4D0F3 0_2_00F4D0F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F690E3 0_2_00F690E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F9F0E1 0_2_00F9F0E1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0104311D 0_2_0104311D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01017120 0_2_01017120
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00ED4A30 appears 76 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00EC8000 appears 55 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9976143490484429
Source: file.exe Static PE information: Section: sbjgrbkb ZLIB complexity 0.9943977255293035
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EF0A6C CoCreateInstance, 0_2_00EF0A6C
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe, 00000000.00000003.2089885790.0000000005F14000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2112540769.0000000005F16000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2090160390.0000000005EF5000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe Virustotal: Detection: 50%
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: file.exe Static file information: File size 1832448 > 1048576
Source: file.exe Static PE information: Raw size of sbjgrbkb is bigger than: 0x100000 < 0x197600

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.ec0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;sbjgrbkb:EW;biqspjfj:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;sbjgrbkb:EW;biqspjfj:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1c06e1 should be: 0x1c72fd
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: sbjgrbkb
Source: file.exe Static PE information: section name: biqspjfj
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F19754 push 2264CF20h; mov dword ptr [esp], edi 0_2_00F19A34
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F19754 push ecx; mov dword ptr [esp], esi 0_2_00F19A38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01110112 push eax; mov dword ptr [esp], 5F4FDA72h 0_2_01110137
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01110112 push ebx; mov dword ptr [esp], 47A36CDAh 0_2_011101C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1C0E7 push ebx; mov dword ptr [esp], 1EFF5E86h 0_2_00F1DF22
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1C0CB push 6FC91774h; mov dword ptr [esp], esi 0_2_00F1C0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000158 push edx; mov dword ptr [esp], 71DCF45Bh 0_2_01000241
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000158 push 3318ECBAh; mov dword ptr [esp], ebx 0_2_01000257
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000158 push ebx; mov dword ptr [esp], 329D99B1h 0_2_010002E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_01000158 push 73BEE0A1h; mov dword ptr [esp], edx 0_2_01000313
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push edx; mov dword ptr [esp], esp 0_2_00FE4441
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push 34CE3975h; mov dword ptr [esp], esi 0_2_00FE4461
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push esi; mov dword ptr [esp], edi 0_2_00FE449C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push edi; mov dword ptr [esp], ecx 0_2_00FE452A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push edi; mov dword ptr [esp], edx 0_2_00FE4541
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push 234BAAB2h; mov dword ptr [esp], eax 0_2_00FE46B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00FE40A1 push 7A3C0BE3h; mov dword ptr [esp], edx 0_2_00FE46BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F18094 push esi; mov dword ptr [esp], ebp 0_2_00F1809A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push ecx; mov dword ptr [esp], ebx 0_2_0102C5D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push 210FF976h; mov dword ptr [esp], edi 0_2_0102C5E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push edx; mov dword ptr [esp], ebp 0_2_0102C614
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push 2430C864h; mov dword ptr [esp], esi 0_2_0102C6AC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push edx; mov dword ptr [esp], ebp 0_2_0102C6B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push ebp; mov dword ptr [esp], ecx 0_2_0102C6D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push edi; mov dword ptr [esp], eax 0_2_0102C6F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push ebp; mov dword ptr [esp], eax 0_2_0102C71E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push edi; mov dword ptr [esp], edx 0_2_0102C72B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push 575F87E0h; mov dword ptr [esp], ebx 0_2_0102C76A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push 4F817698h; mov dword ptr [esp], esi 0_2_0102C80D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0102C1B9 push 7BD18729h; mov dword ptr [esp], edi 0_2_0102C815
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_010801C9 push 4F0850CAh; mov dword ptr [esp], ebp 0_2_010801F8
Source: file.exe Static PE information: section name: entropy: 7.983244716136416
Source: file.exe Static PE information: section name: sbjgrbkb entropy: 7.954135504267137

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\file.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe System information queried: FirmwareTableInformation
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108EFE7 second address: 108EFFC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108EFFC second address: 108F01A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610D0718h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108F01A second address: 108F020 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108F020 second address: 108F024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108F024 second address: 108F044 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FF1610B867Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007FF1610B8678h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109342B second address: 109342F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109342F second address: 109345F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push edi 0x0000000c pop edi 0x0000000d pop ecx 0x0000000e popad 0x0000000f push ebx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007FF1610B867Ah 0x0000001a push edx 0x0000001b pop edx 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jnc 00007FF1610B8676h 0x00000025 ja 00007FF1610B8676h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10935AB second address: 10935B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10935B1 second address: 10935B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10935B5 second address: 10935CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109370F second address: 109371E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF1610B8676h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109371E second address: 1093724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093724 second address: 1093753 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jbe 00007FF1610B8690h 0x00000010 jmp 00007FF1610B867Ah 0x00000015 jmp 00007FF1610B8680h 0x0000001a popad 0x0000001b push eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093753 second address: 1093759 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093852 second address: 1093856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093856 second address: 1093878 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007FF1610D0716h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093878 second address: 10938A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FF1610B867Eh 0x0000000d jmp 00007FF1610B8683h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10938A1 second address: 10938BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0717h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093A0A second address: 1093A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1093A0E second address: 1093A36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007FF1610D0716h 0x0000000c pop ecx 0x0000000d push edx 0x0000000e jc 00007FF1610D070Eh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096266 second address: 109626B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109626B second address: 1096275 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FF1610D0706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096342 second address: 1096346 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096346 second address: 1096360 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0716h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096360 second address: 1096366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096366 second address: 109636A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096458 second address: 109645D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096512 second address: 109651B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109651B second address: 1096531 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007FF1610B867Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096531 second address: 1096537 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096537 second address: 109653B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10965DE second address: 10965EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10965EF second address: 10965F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10965F9 second address: 10965FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10965FD second address: 109660F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007FF1610B8676h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10966A0 second address: 10966A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10966A5 second address: 10966FF instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B868Eh 0x00000008 jmp 00007FF1610B8688h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 pushad 0x00000011 mov ah, bh 0x00000013 mov ecx, dword ptr [ebp+122D19AAh] 0x00000019 popad 0x0000001a push 00000000h 0x0000001c sub di, 876Ah 0x00000021 call 00007FF1610B8679h 0x00000026 ja 00007FF1610B867Ch 0x0000002c pushad 0x0000002d push ecx 0x0000002e pop ecx 0x0000002f pushad 0x00000030 popad 0x00000031 popad 0x00000032 push eax 0x00000033 pushad 0x00000034 jmp 00007FF1610B867Bh 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10966FF second address: 1096703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1096703 second address: 109672B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jng 00007FF1610B8684h 0x00000014 push eax 0x00000015 push edx 0x00000016 js 00007FF1610B8676h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 109672B second address: 10967A7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push edi 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d pop edi 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 jmp 00007FF1610D0711h 0x00000017 pop eax 0x00000018 mov edx, dword ptr [ebp+122D2AEEh] 0x0000001e push 00000003h 0x00000020 mov dword ptr [ebp+122D26A3h], ecx 0x00000026 push 00000000h 0x00000028 or dword ptr [ebp+122D1BA7h], ecx 0x0000002e add edx, dword ptr [ebp+122D2BCAh] 0x00000034 push 00000003h 0x00000036 mov dx, 403Ah 0x0000003a call 00007FF1610D0709h 0x0000003f push edi 0x00000040 jmp 00007FF1610D0712h 0x00000045 pop edi 0x00000046 push eax 0x00000047 je 00007FF1610D070Eh 0x0000004d mov eax, dword ptr [esp+04h] 0x00000051 push eax 0x00000052 push edx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10967A7 second address: 10967AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10967AB second address: 10967B5 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10967B5 second address: 10967E7 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B8686h 0x00000008 jmp 00007FF1610B8680h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [eax] 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 jmp 00007FF1610B8682h 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10967E7 second address: 1096824 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push ebx 0x0000000f jmp 00007FF1610D070Eh 0x00000014 pop ebx 0x00000015 pop eax 0x00000016 call 00007FF1610D070Bh 0x0000001b mov cl, 9Ch 0x0000001d pop edi 0x0000001e lea ebx, dword ptr [ebp+124511B1h] 0x00000024 adc dh, FFFFFFBAh 0x00000027 push eax 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push ecx 0x0000002c pop ecx 0x0000002d pop eax 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1081838 second address: 108184D instructions: 0x00000000 rdtsc 0x00000002 js 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jp 00007FF1610B8676h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108184D second address: 1081852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1081852 second address: 1081858 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1081858 second address: 1081869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D070Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1081869 second address: 1081886 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FF1610B867Dh 0x0000000f jno 00007FF1610B8676h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B622B second address: 10B6249 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610D0717h 0x00000008 jmp 00007FF1610D0711h 0x0000000d pushad 0x0000000e push edi 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6249 second address: 10B6258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6258 second address: 10B625E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B625E second address: 10B6262 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6262 second address: 10B6268 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B639D second address: 10B63A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63A3 second address: 10B63A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63A7 second address: 10B63B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63B0 second address: 10B63BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63BD second address: 10B63C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63C1 second address: 10B63E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0716h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B63E1 second address: 10B63EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B656A second address: 10B656E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B656E second address: 10B6574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6574 second address: 10B6593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007FF1610D0712h 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6593 second address: 10B659B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B659B second address: 10B65A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B65A6 second address: 10B65B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007FF1610B867Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B673B second address: 10B673F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B688D second address: 10B68A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8683h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B68A4 second address: 10B68AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B68AA second address: 10B68AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6F35 second address: 10B6F44 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6F44 second address: 10B6F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6F4A second address: 10B6F5F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Bh 0x00000009 je 00007FF1610D0706h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6F5F second address: 10B6F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B6F63 second address: 10B6F8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007FF1610D071Bh 0x0000000c jns 00007FF1610D0706h 0x00000012 jmp 00007FF1610D070Fh 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push edx 0x0000001b push esi 0x0000001c push esi 0x0000001d pop esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AAADF second address: 10AAAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AAAE6 second address: 10AAB16 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF1610D070Ch 0x00000008 jnp 00007FF1610D0706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FF1610D0710h 0x00000017 push ebx 0x00000018 jng 00007FF1610D0706h 0x0000001e jnp 00007FF1610D0706h 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7E23 second address: 10B7E28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7E28 second address: 10B7E2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B7E2E second address: 10B7E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB72B second address: 10BB763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 jmp 00007FF1610D0713h 0x0000000e mov eax, dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007FF1610D0716h 0x00000018 pop esi 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB763 second address: 10BB782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 jmp 00007FF1610B867Dh 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB782 second address: 10BB788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB788 second address: 10BB78C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10B9F82 second address: 10B9F8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB896 second address: 10BB89A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB89A second address: 10BB89E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB89E second address: 10BB8A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB8A4 second address: 10BB8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB8BC second address: 10BB8D6 instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007FF1610B867Ch 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB8D6 second address: 10BB8DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB8DA second address: 10BB900 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8684h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jng 00007FF1610B8676h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10BB900 second address: 10BB91B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0717h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1084C4F second address: 1084C54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1084C54 second address: 1084C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jng 00007FF1610D0706h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FF1610D0710h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C4CD5 second address: 10C4CDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C459F second address: 10C45A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C45A3 second address: 10C45AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C45AB second address: 10C45C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D0718h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C6FE1 second address: 10C6FE6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C71CB second address: 10C71CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C7350 second address: 10C7354 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C7822 second address: 10C7837 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C7837 second address: 10C783D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C783D second address: 10C7841 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C7C7A second address: 10C7C9B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF1610B867Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FF1610B867Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C8E83 second address: 10C8E9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0713h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C8E9E second address: 10C8EA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CA6E0 second address: 10CA6E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CA6E4 second address: 10CA6EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CD9FD second address: 10CDA01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10CEB0A second address: 10CEB14 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610B867Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D2ED2 second address: 10D2ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D2ED7 second address: 10D2EDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D2EDD second address: 10D2EE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D2093 second address: 10D209D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D209D second address: 10D20A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D20A1 second address: 10D210B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+12461306h], eax 0x0000000f push dword ptr fs:[00000000h] 0x00000016 mov edi, dword ptr [ebp+122D2C42h] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov di, 112Ch 0x00000027 mov eax, dword ptr [ebp+122D14C9h] 0x0000002d add edi, 2610CBC0h 0x00000033 push FFFFFFFFh 0x00000035 push 00000000h 0x00000037 push edi 0x00000038 call 00007FF1610B8678h 0x0000003d pop edi 0x0000003e mov dword ptr [esp+04h], edi 0x00000042 add dword ptr [esp+04h], 0000001Ch 0x0000004a inc edi 0x0000004b push edi 0x0000004c ret 0x0000004d pop edi 0x0000004e ret 0x0000004f add dword ptr [ebp+122D3884h], esi 0x00000055 push eax 0x00000056 jc 00007FF1610B8680h 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D4E78 second address: 10D4E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D4E7E second address: 10D4E83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D4E83 second address: 10D4E88 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D4F17 second address: 10D4F1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D5E81 second address: 10D5E87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D5E87 second address: 10D5EC0 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FF1610B8687h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub ebx, dword ptr [ebp+122D29E2h] 0x00000013 push 00000000h 0x00000015 xor bx, A592h 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D24EEh], esi 0x00000022 xchg eax, esi 0x00000023 push edi 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 pop eax 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D7EA1 second address: 10D7EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D60CF second address: 10D60DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FF1610B8676h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D7EA9 second address: 10D7EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jbe 00007FF1610D0706h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108D56B second address: 108D56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D9501 second address: 10D9506 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D9506 second address: 10D951F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jbe 00007FF1610B8684h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D951F second address: 10D9523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D864C second address: 10D8656 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FF1610B867Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D8656 second address: 10D86F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ebx 0x00000008 jg 00007FF1610D070Ch 0x0000000e pop ebx 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FF1610D0708h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000017h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a mov edi, dword ptr [ebp+122D1AE9h] 0x00000030 push dword ptr fs:[00000000h] 0x00000037 push edi 0x00000038 pop ebx 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 push edx 0x00000041 pop edi 0x00000042 mov eax, dword ptr [ebp+122D1585h] 0x00000048 mov bx, cx 0x0000004b jmp 00007FF1610D070Eh 0x00000050 push FFFFFFFFh 0x00000052 call 00007FF1610D0716h 0x00000057 mov edi, dword ptr [ebp+122D1DD5h] 0x0000005d pop edi 0x0000005e nop 0x0000005f jng 00007FF1610D070Eh 0x00000065 je 00007FF1610D0708h 0x0000006b push eax 0x0000006c pop eax 0x0000006d push eax 0x0000006e jbe 00007FF1610D070Eh 0x00000074 push ebx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10D9725 second address: 10D9729 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DA6DA second address: 10DA6E7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DA6E7 second address: 10DA766 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007FF1610B8678h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 mov dword ptr [ebp+122D1EB2h], edi 0x0000002f mov dword ptr fs:[00000000h], esp 0x00000036 movzx edi, bx 0x00000039 mov eax, dword ptr [ebp+122D163Dh] 0x0000003f mov edi, dword ptr [ebp+122D2B76h] 0x00000045 push FFFFFFFFh 0x00000047 push 00000000h 0x00000049 push ebx 0x0000004a call 00007FF1610B8678h 0x0000004f pop ebx 0x00000050 mov dword ptr [esp+04h], ebx 0x00000054 add dword ptr [esp+04h], 00000015h 0x0000005c inc ebx 0x0000005d push ebx 0x0000005e ret 0x0000005f pop ebx 0x00000060 ret 0x00000061 sub ebx, dword ptr [ebp+124511C0h] 0x00000067 nop 0x00000068 jo 00007FF1610B867Eh 0x0000006e push ebx 0x0000006f push eax 0x00000070 push edx 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DC251 second address: 10DC255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DC255 second address: 10DC260 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DC260 second address: 10DC295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 jng 00007FF1610D070Ch 0x0000000d add ebx, dword ptr [ebp+122D18A8h] 0x00000013 pushad 0x00000014 mov ax, 11B3h 0x00000018 mov eax, dword ptr [ebp+1244EE83h] 0x0000001e popad 0x0000001f push 00000000h 0x00000021 sub di, 3F99h 0x00000026 push 00000000h 0x00000028 adc ebx, 5DB431C4h 0x0000002e push eax 0x0000002f push eax 0x00000030 push edx 0x00000031 push ecx 0x00000032 push edx 0x00000033 pop edx 0x00000034 pop ecx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DD2E7 second address: 10DD306 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FF1610B8682h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DE2C8 second address: 10DE31A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnl 00007FF1610D0706h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f cmc 0x00000010 push 00000000h 0x00000012 clc 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ecx 0x00000018 call 00007FF1610D0708h 0x0000001d pop ecx 0x0000001e mov dword ptr [esp+04h], ecx 0x00000022 add dword ptr [esp+04h], 00000019h 0x0000002a inc ecx 0x0000002b push ecx 0x0000002c ret 0x0000002d pop ecx 0x0000002e ret 0x0000002f jmp 00007FF1610D0717h 0x00000034 xchg eax, esi 0x00000035 push ebx 0x00000036 push esi 0x00000037 push eax 0x00000038 push edx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DE31A second address: 10DE326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DE326 second address: 10DE32A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DE32A second address: 10DE334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DE334 second address: 10DE338 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DB513 second address: 10DB51A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DB51A second address: 10DB52A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DF301 second address: 10DF307 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DB5F3 second address: 10DB5FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edi 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10DF307 second address: 10DF379 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ecx 0x0000000e call 00007FF1610B8678h 0x00000013 pop ecx 0x00000014 mov dword ptr [esp+04h], ecx 0x00000018 add dword ptr [esp+04h], 00000016h 0x00000020 inc ecx 0x00000021 push ecx 0x00000022 ret 0x00000023 pop ecx 0x00000024 ret 0x00000025 sub di, 64F5h 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push eax 0x0000002f call 00007FF1610B8678h 0x00000034 pop eax 0x00000035 mov dword ptr [esp+04h], eax 0x00000039 add dword ptr [esp+04h], 0000001Dh 0x00000041 inc eax 0x00000042 push eax 0x00000043 ret 0x00000044 pop eax 0x00000045 ret 0x00000046 movsx ebx, cx 0x00000049 push 00000000h 0x0000004b mov edi, esi 0x0000004d or ebx, 4B395494h 0x00000053 push eax 0x00000054 pushad 0x00000055 pushad 0x00000056 push edi 0x00000057 pop edi 0x00000058 pushad 0x00000059 popad 0x0000005a popad 0x0000005b jp 00007FF1610B867Ch 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E13B6 second address: 10E13BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E13BA second address: 10E13E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610B867Eh 0x0000000b popad 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B8680h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E23A8 second address: 10E240E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007FF1610D070Fh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jmp 00007FF1610D0710h 0x00000014 jc 00007FF1610D0708h 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d nop 0x0000001e push 00000000h 0x00000020 jmp 00007FF1610D070Ah 0x00000025 push 00000000h 0x00000027 xchg eax, esi 0x00000028 jmp 00007FF1610D0717h 0x0000002d push eax 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 js 00007FF1610D0706h 0x00000037 pushad 0x00000038 popad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E1546 second address: 10E1556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610B867Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E240E second address: 10E2414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E1556 second address: 10E155A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E155A second address: 10E156C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007FF1610D0706h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10E6C08 second address: 10E6C12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108B9A9 second address: 108B9BB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007FF1610D070Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108B9BB second address: 108B9C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007FF1610B8676h 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108B9C9 second address: 108B9CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108B9CD second address: 108B9F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FF1610B867Ah 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF1610B8688h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108B9F8 second address: 108B9FD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EA78B second address: 10EA793 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EA91C second address: 10EA920 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EA920 second address: 10EA93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8689h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EAC13 second address: 10EAC18 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10EAC18 second address: 10EAC26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 je 00007FF1610B8676h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F02D3 second address: 10F02E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a ja 00007FF1610D070Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F02E5 second address: 10F02E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F02E9 second address: 10F02F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F02F9 second address: 10F0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F4F57 second address: 10F4F5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F3D5A second address: 10F3D5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F46B1 second address: 10F46B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F4B17 second address: 10F4B2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8680h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F4CA5 second address: 10F4CAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10F4CAC second address: 10F4CBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FF1610B867Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FAC7E second address: 10FAC87 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FADFD second address: 10FAE1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8688h 0x00000007 jne 00007FF1610B867Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FAF7F second address: 10FAF8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FF1610D0708h 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FAF8C second address: 10FAFAB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FF1610B867Bh 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FF1610B8676h 0x00000013 jbe 00007FF1610B8676h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB101 second address: 10FB112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FF1610D070Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB235 second address: 10FB242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jno 00007FF1610B8676h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB242 second address: 10FB25E instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jnl 00007FF1610D070Ch 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB25E second address: 10FB264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB264 second address: 10FB27E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007FF1610D0710h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB544 second address: 10FB548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB548 second address: 10FB559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 je 00007FF1610D0706h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB559 second address: 10FB56F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FF1610B867Eh 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB993 second address: 10FB999 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10FB999 second address: 10FB99D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AB5A1 second address: 10AB5B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007FF1610D070Ch 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AB5B2 second address: 10AB5B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AB5B7 second address: 10AB5D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0715h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10AB5D2 second address: 10AB5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF1610B8681h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10790AB second address: 10790B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1104B67 second address: 1104B6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1104B6B second address: 1104B7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jo 00007FF1610D0716h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1086738 second address: 108673C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 108673C second address: 1086742 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1103962 second address: 1103968 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1103BE8 second address: 1103BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0712h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1103EF6 second address: 1103EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1103616 second address: 110361C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110361C second address: 110363D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B867Bh 0x00000009 popad 0x0000000a jbe 00007FF1610B867Eh 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110363D second address: 1103667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FF1610D0706h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610D0717h 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1104604 second address: 110460A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11048A5 second address: 11048B5 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1107D78 second address: 1107D91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8680h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1107D91 second address: 1107D9B instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1107D9B second address: 1107DA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1107DA0 second address: 1107DB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jc 00007FF1610D0706h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1107DB1 second address: 1107DE5 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF1610B8676h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007FF1610B86A8h 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jmp 00007FF1610B8687h 0x0000001c popad 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5576 second address: 10AAADF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a add dword ptr [ebp+122D1A7Fh], edi 0x00000010 xor cl, 0000007Ah 0x00000013 lea eax, dword ptr [ebp+124802A4h] 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c call 00007FF1610D0708h 0x00000021 pop ebx 0x00000022 mov dword ptr [esp+04h], ebx 0x00000026 add dword ptr [esp+04h], 0000001Dh 0x0000002e inc ebx 0x0000002f push ebx 0x00000030 ret 0x00000031 pop ebx 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D2323h], eax 0x00000039 push ecx 0x0000003a sbb edx, 79BBEF24h 0x00000040 pop edx 0x00000041 push eax 0x00000042 jmp 00007FF1610D0717h 0x00000047 mov dword ptr [esp], eax 0x0000004a mov dword ptr [ebp+122D18A8h], eax 0x00000050 call dword ptr [ebp+1244E5E4h] 0x00000056 push eax 0x00000057 push edx 0x00000058 push ebx 0x00000059 jmp 00007FF1610D0713h 0x0000005e jmp 00007FF1610D070Ah 0x00000063 pop ebx 0x00000064 pushad 0x00000065 jmp 00007FF1610D070Eh 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5675 second address: 10C5679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5679 second address: 10C568B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C568B second address: 10C5690 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5690 second address: 10C5696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5968 second address: 10C596C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C596C second address: 10C5970 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5970 second address: 10C597C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C597C second address: 10C5981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5AF0 second address: 10C5B0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop esi 0x00000006 add dword ptr [esp], 638F3462h 0x0000000d mov dl, 01h 0x0000000f push EA82DC7Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5B0A second address: 10C5B0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5C76 second address: 10C5C7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5C7A second address: 10C5C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5F84 second address: 10C5FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push eax 0x0000000e call 00007FF1610B8678h 0x00000013 pop eax 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 add dword ptr [esp+04h], 00000017h 0x00000020 inc eax 0x00000021 push eax 0x00000022 ret 0x00000023 pop eax 0x00000024 ret 0x00000025 mov dx, si 0x00000028 jmp 00007FF1610B8687h 0x0000002d push 00000004h 0x0000002f jl 00007FF1610B8687h 0x00000035 jmp 00007FF1610B8681h 0x0000003a nop 0x0000003b push eax 0x0000003c push edx 0x0000003d jmp 00007FF1610B8682h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5FF6 second address: 10C5FFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C5FFC second address: 10C602B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8682h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jl 00007FF1610B8676h 0x00000015 jmp 00007FF1610B867Ch 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C6795 second address: 10C6799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C6799 second address: 10C67AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8682h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C67AF second address: 10C67B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C6907 second address: 10AB5A1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8683h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FF1610B8681h 0x0000000e popad 0x0000000f mov dword ptr [esp], eax 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007FF1610B8678h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c lea eax, dword ptr [ebp+124802A4h] 0x00000032 jbe 00007FF1610B8679h 0x00000038 add ch, FFFFFFFAh 0x0000003b push eax 0x0000003c jmp 00007FF1610B867Bh 0x00000041 mov dword ptr [esp], eax 0x00000044 jmp 00007FF1610B867Dh 0x00000049 call dword ptr [ebp+122D19C3h] 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 jmp 00007FF1610B8682h 0x00000057 jp 00007FF1610B8676h 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11081D3 second address: 11081E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FF1610D0706h 0x0000000a pop edi 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11086A8 second address: 11086B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11086B0 second address: 11086CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 pop edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110882F second address: 1108835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1108835 second address: 110883A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11100C1 second address: 11100CF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110F93B second address: 110F940 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FBFF second address: 110FC03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FC03 second address: 110FC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FF1610D0706h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push edx 0x0000000e pop edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FC17 second address: 110FC21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FC21 second address: 110FC25 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FC25 second address: 110FC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FF1610B867Dh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FC41 second address: 110FC54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D070Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FE03 second address: 110FE07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 110FE07 second address: 110FE3E instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0706h 0x00000008 jmp 00007FF1610D0715h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop esi 0x00000010 push ebx 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007FF1610D0711h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11163DE second address: 11163E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1116515 second address: 111654A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0711h 0x00000009 jmp 00007FF1610D0711h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FF1610D070Bh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111654A second address: 1116550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11166C5 second address: 11166D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D070Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1116837 second address: 111683D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111683D second address: 1116847 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FF1610D0706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B1FE second address: 111B20C instructions: 0x00000000 rdtsc 0x00000002 jne 00007FF1610B8676h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B20C second address: 111B210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B210 second address: 111B214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B214 second address: 111B21C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C6237 second address: 10C623B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C623B second address: 10C6254 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0715h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B91E second address: 111B931 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ah 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111B931 second address: 111B947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0710h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 107AB2B second address: 107AB2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111F01A second address: 111F021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111F2E7 second address: 111F301 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610B8676h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007FF1610B867Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 111F301 second address: 111F321 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FF1610D0708h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF1610D0714h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1127551 second address: 112756E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ecx 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FF1610B8682h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11258E8 second address: 11258EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11258EC second address: 11258F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125B83 second address: 1125B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125B89 second address: 1125BAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FF1610B8687h 0x0000000b jne 00007FF1610B8676h 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125BAD second address: 1125BB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125BB5 second address: 1125BF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007FF1610B867Ah 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FF1610B867Ch 0x00000018 jmp 00007FF1610B8682h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125BF3 second address: 1125BF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1125BF9 second address: 1125BFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11269C9 second address: 11269D3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FF1610D0712h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11269D3 second address: 11269D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11269D9 second address: 11269E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11269E0 second address: 11269E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11272B4 second address: 11272BA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112CA85 second address: 112CA96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007FF1610B8678h 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112F9B0 second address: 112F9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007FF1610D0706h 0x0000000a popad 0x0000000b jmp 00007FF1610D070Ch 0x00000010 pop esi 0x00000011 pushad 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FB92 second address: 112FB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FE9A second address: 112FEBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push ecx 0x00000008 jmp 00007FF1610D0711h 0x0000000d jne 00007FF1610D0706h 0x00000013 pop ecx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FEBA second address: 112FEC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FEC2 second address: 112FEEF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0718h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF1610D070Bh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FEEF second address: 112FF04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jl 00007FF1610B8678h 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f ja 00007FF1610B8676h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 112FF04 second address: 112FF08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1130063 second address: 1130067 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11301FD second address: 1130203 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1130626 second address: 113062A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1137D9E second address: 1137DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113817B second address: 1138181 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1138181 second address: 11381A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007FF1610D0706h 0x0000000a push edx 0x0000000b pop edx 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007FF1610D0713h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11381A7 second address: 11381AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11381AC second address: 11381B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1138760 second address: 113879C instructions: 0x00000000 rdtsc 0x00000002 jp 00007FF1610B8676h 0x00000008 jmp 00007FF1610B867Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FF1610B8683h 0x00000014 jng 00007FF1610B868Bh 0x0000001a pushad 0x0000001b jmp 00007FF1610B867Bh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1138A18 second address: 1138A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113988B second address: 11398C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8685h 0x00000009 pop ecx 0x0000000a pushad 0x0000000b push ebx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610B8684h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11398C0 second address: 11398C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F576 second address: 113F57B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F57B second address: 113F587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F587 second address: 113F58C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F0BB second address: 113F0C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F0C1 second address: 113F0C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F0C7 second address: 113F0CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F0CB second address: 113F0CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F0CF second address: 113F0D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 113F293 second address: 113F29B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114C1CD second address: 114C1D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 114C1D3 second address: 114C1E2 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610B8676h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11524C4 second address: 11524E3 instructions: 0x00000000 rdtsc 0x00000002 js 00007FF1610D0706h 0x00000008 jmp 00007FF1610D0715h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11524E3 second address: 11524F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FC68 second address: 115FC6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FC6F second address: 115FC79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FF1610B8676h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FC79 second address: 115FC8C instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D0706h 0x00000008 js 00007FF1610D0706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FC8C second address: 115FCAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FF1610B8676h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e jmp 00007FF1610B8681h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FCAF second address: 115FCB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FCB5 second address: 115FCB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 115FB26 second address: 115FB31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FF1610D0706h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11679EF second address: 11679FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007FF1610B8676h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11679FD second address: 1167A0C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FF1610D0706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1167A0C second address: 1167A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 116672D second address: 1166733 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11669FC second address: 1166A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1166A02 second address: 1166A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jo 00007FF1610D0706h 0x0000000e pop esi 0x0000000f push ebx 0x00000010 jo 00007FF1610D0706h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1166A1A second address: 1166A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 pop edi 0x00000009 popad 0x0000000a push ecx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1166B6E second address: 1166B83 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FF1610D070Ch 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 116B77F second address: 116B787 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 116B787 second address: 116B790 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 116B340 second address: 116B372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FF1610B8686h 0x0000000b jmp 00007FF1610B867Ch 0x00000010 popad 0x00000011 pushad 0x00000012 jnl 00007FF1610B8676h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 117C23C second address: 117C244 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 117C244 second address: 117C24A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1188D12 second address: 1188D16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1188D16 second address: 1188D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007FF1610B8678h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1188BC7 second address: 1188BD3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007FF1610D0706h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118D11C second address: 118D145 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Ch 0x00000007 jmp 00007FF1610B867Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FF1610B867Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118D145 second address: 118D15F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0716h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118CC90 second address: 118CCB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B867Ch 0x00000009 jmp 00007FF1610B8681h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 118CCB2 second address: 118CCBE instructions: 0x00000000 rdtsc 0x00000002 je 00007FF1610D070Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A2441 second address: 11A2445 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A16E4 second address: 11A16EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A16EA second address: 11A1707 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 jp 00007FF1610B8676h 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B867Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1870 second address: 11A1876 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A1F29 second address: 11A1F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610B8680h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FF1610B867Ch 0x00000014 pushad 0x00000015 popad 0x00000016 jno 00007FF1610B8676h 0x0000001c popad 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A4DCE second address: 11A4DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A4DD2 second address: 11A4DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A4FEC second address: 11A4FF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A65B8 second address: 11A65BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A65BD second address: 11A65E4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edx 0x00000004 pop edx 0x00000005 jns 00007FF1610D0706h 0x0000000b pop edi 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FF1610D070Ah 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 jl 00007FF1610D072Ch 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A65E4 second address: 11A65EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A7D35 second address: 11A7D40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A7D40 second address: 11A7D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 11A9C5B second address: 11A9C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FF1610D0714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 10C98EF second address: 10C98F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55803A8 second address: 55803FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007FF1610D0717h 0x00000011 or si, 38FEh 0x00000016 jmp 00007FF1610D0719h 0x0000001b popfd 0x0000001c movzx ecx, dx 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55803FB second address: 5580466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 call 00007FF1610B8680h 0x0000000a jmp 00007FF1610B8682h 0x0000000f pop esi 0x00000010 popad 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 jmp 00007FF1610B8687h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushfd 0x0000001c jmp 00007FF1610B8686h 0x00000021 and al, FFFFFFE8h 0x00000024 jmp 00007FF1610B867Bh 0x00000029 popfd 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5580544 second address: 5580548 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0579 second address: 55A05FB instructions: 0x00000000 rdtsc 0x00000002 mov ebx, esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007FF1610B8682h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f push ebx 0x00000010 pushad 0x00000011 mov di, cx 0x00000014 pushfd 0x00000015 jmp 00007FF1610B8686h 0x0000001a adc esi, 53483898h 0x00000020 jmp 00007FF1610B867Bh 0x00000025 popfd 0x00000026 popad 0x00000027 mov dword ptr [esp], ebp 0x0000002a pushad 0x0000002b movzx ecx, di 0x0000002e pushfd 0x0000002f jmp 00007FF1610B8681h 0x00000034 add ah, 00000036h 0x00000037 jmp 00007FF1610B8681h 0x0000003c popfd 0x0000003d popad 0x0000003e mov ebp, esp 0x00000040 push eax 0x00000041 push edx 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 popad 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A05FB second address: 55A05FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A05FF second address: 55A0605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0605 second address: 55A061A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0711h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A061A second address: 55A069B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 pushad 0x0000000a call 00007FF1610B8688h 0x0000000f call 00007FF1610B8682h 0x00000014 pop ecx 0x00000015 pop edi 0x00000016 movzx eax, bx 0x00000019 popad 0x0000001a mov dword ptr [esp], ecx 0x0000001d pushad 0x0000001e call 00007FF1610B8689h 0x00000023 mov ax, F8B7h 0x00000027 pop esi 0x00000028 popad 0x00000029 push esi 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d movsx ebx, cx 0x00000030 pushfd 0x00000031 jmp 00007FF1610B867Ah 0x00000036 and cx, 86D8h 0x0000003b jmp 00007FF1610B867Bh 0x00000040 popfd 0x00000041 popad 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A069B second address: 55A06A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A06A0 second address: 55A0720 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF1610B8685h 0x0000000a xor ah, 00000076h 0x0000000d jmp 00007FF1610B8681h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 mov dword ptr [esp], esi 0x00000019 pushad 0x0000001a mov cx, 7503h 0x0000001e pushfd 0x0000001f jmp 00007FF1610B8688h 0x00000024 or esi, 7B324AC8h 0x0000002a jmp 00007FF1610B867Bh 0x0000002f popfd 0x00000030 popad 0x00000031 lea eax, dword ptr [ebp-04h] 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FF1610B8685h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0720 second address: 55A0749 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, cx 0x00000006 call 00007FF1610D0718h 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0749 second address: 55A074D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A074D second address: 55A0753 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0753 second address: 55A075A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A07AC second address: 55A07C9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0075 second address: 55A008A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebp, esp 0x0000000c pushad 0x0000000d mov edi, 4C775260h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A008A second address: 55A0134 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dl, 0Dh 0x00000006 popad 0x00000007 popad 0x00000008 push FFFFFFFEh 0x0000000a jmp 00007FF1610D070Ch 0x0000000f call 00007FF1610D0709h 0x00000014 jmp 00007FF1610D0710h 0x00000019 push eax 0x0000001a pushad 0x0000001b mov eax, ebx 0x0000001d movsx edx, ax 0x00000020 popad 0x00000021 mov eax, dword ptr [esp+04h] 0x00000025 jmp 00007FF1610D070Fh 0x0000002a mov eax, dword ptr [eax] 0x0000002c pushad 0x0000002d pushad 0x0000002e mov edx, 4DDCF238h 0x00000033 popad 0x00000034 mov bl, cl 0x00000036 popad 0x00000037 mov dword ptr [esp+04h], eax 0x0000003b jmp 00007FF1610D0716h 0x00000040 pop eax 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 push edx 0x00000045 pop esi 0x00000046 pushfd 0x00000047 jmp 00007FF1610D0719h 0x0000004c and eax, 77BE3236h 0x00000052 jmp 00007FF1610D0711h 0x00000057 popfd 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0134 second address: 55A015A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push 233068BFh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610B867Ah 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A015A second address: 55A021D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 5278C2B1h 0x00000010 jmp 00007FF1610D0716h 0x00000015 mov eax, dword ptr fs:[00000000h] 0x0000001b pushad 0x0000001c mov esi, 5CDC483Dh 0x00000021 mov dh, ah 0x00000023 popad 0x00000024 push ebp 0x00000025 pushad 0x00000026 pushfd 0x00000027 jmp 00007FF1610D0710h 0x0000002c sbb eax, 3A89D548h 0x00000032 jmp 00007FF1610D070Bh 0x00000037 popfd 0x00000038 pushfd 0x00000039 jmp 00007FF1610D0718h 0x0000003e or esi, 133997A8h 0x00000044 jmp 00007FF1610D070Bh 0x00000049 popfd 0x0000004a popad 0x0000004b mov dword ptr [esp], eax 0x0000004e pushad 0x0000004f mov cx, 25BBh 0x00000053 jmp 00007FF1610D0710h 0x00000058 popad 0x00000059 sub esp, 18h 0x0000005c pushad 0x0000005d jmp 00007FF1610D070Eh 0x00000062 mov ax, 7911h 0x00000066 popad 0x00000067 xchg eax, ebx 0x00000068 push eax 0x00000069 push edx 0x0000006a push eax 0x0000006b push edx 0x0000006c pushad 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A021D second address: 55A0223 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0223 second address: 55A026C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0710h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FF1610D070Bh 0x0000000f xchg eax, ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007FF1610D070Bh 0x00000019 jmp 00007FF1610D0713h 0x0000001e popfd 0x0000001f mov si, B32Fh 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A026C second address: 55A031A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop eax 0x00000005 call 00007FF1610B8687h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esp 0x0000000f pushad 0x00000010 push eax 0x00000011 jmp 00007FF1610B867Dh 0x00000016 pop ecx 0x00000017 popad 0x00000018 mov dword ptr [esp], esi 0x0000001b jmp 00007FF1610B8687h 0x00000020 xchg eax, edi 0x00000021 jmp 00007FF1610B8686h 0x00000026 push eax 0x00000027 pushad 0x00000028 mov edi, 78DE80F4h 0x0000002d pushfd 0x0000002e jmp 00007FF1610B867Dh 0x00000033 and esi, 692C62B6h 0x00000039 jmp 00007FF1610B8681h 0x0000003e popfd 0x0000003f popad 0x00000040 xchg eax, edi 0x00000041 pushad 0x00000042 mov dx, ax 0x00000045 popad 0x00000046 mov eax, dword ptr [75AF4538h] 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007FF1610B8680h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A031A second address: 55A031F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A031F second address: 55A0406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007FF1610B8687h 0x0000000a jmp 00007FF1610B8683h 0x0000000f popfd 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 xor dword ptr [ebp-08h], eax 0x00000016 jmp 00007FF1610B8686h 0x0000001b xor eax, ebp 0x0000001d pushad 0x0000001e pushad 0x0000001f pushfd 0x00000020 jmp 00007FF1610B867Dh 0x00000025 adc esi, 7081C836h 0x0000002b jmp 00007FF1610B8681h 0x00000030 popfd 0x00000031 mov dx, ax 0x00000034 popad 0x00000035 mov al, FFh 0x00000037 popad 0x00000038 push eax 0x00000039 jmp 00007FF1610B8684h 0x0000003e mov dword ptr [esp], eax 0x00000041 jmp 00007FF1610B8680h 0x00000046 lea eax, dword ptr [ebp-10h] 0x00000049 jmp 00007FF1610B8680h 0x0000004e mov dword ptr fs:[00000000h], eax 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 pushfd 0x00000058 jmp 00007FF1610B867Dh 0x0000005d sbb ah, 00000056h 0x00000060 jmp 00007FF1610B8681h 0x00000065 popfd 0x00000066 mov ebx, eax 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0406 second address: 55A0434 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, E0DEh 0x00000007 push edx 0x00000008 pop esi 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [ebp-18h], esp 0x0000000f jmp 00007FF1610D0711h 0x00000014 mov eax, dword ptr fs:[00000018h] 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, 263Eh 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901CC second address: 55901F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8685h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FF1610B867Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901F5 second address: 559021B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D0717h 0x00000008 mov ah, A6h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559021B second address: 559021F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559021F second address: 5590236 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0713h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590236 second address: 559026C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610B867Fh 0x00000008 mov edx, ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d xchg eax, ebp 0x0000000e pushad 0x0000000f mov di, si 0x00000012 movzx eax, bx 0x00000015 popad 0x00000016 mov ebp, esp 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FF1610B8682h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559026C second address: 5590272 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590272 second address: 5590276 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590276 second address: 559029A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 sub esp, 2Ch 0x0000000b pushad 0x0000000c pushad 0x0000000d jmp 00007FF1610D0715h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559029A second address: 55902DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 movzx ecx, dx 0x00000008 popad 0x00000009 push esp 0x0000000a pushad 0x0000000b mov bx, si 0x0000000e movzx ecx, bx 0x00000011 popad 0x00000012 mov dword ptr [esp], ebx 0x00000015 jmp 00007FF1610B8683h 0x0000001a xchg eax, edi 0x0000001b pushad 0x0000001c pushad 0x0000001d mov esi, 79615421h 0x00000022 push esi 0x00000023 pop ebx 0x00000024 popad 0x00000025 movzx ecx, dx 0x00000028 popad 0x00000029 push eax 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007FF1610B867Bh 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590414 second address: 5590431 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590431 second address: 5590437 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590437 second address: 559043B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559043B second address: 559043F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559043F second address: 559045F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF1610D0715h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55904F6 second address: 55904FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55904FB second address: 5590529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, si 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ebx, dword ptr [ebp+08h] 0x0000000d jmp 00007FF1610D0718h 0x00000012 lea eax, dword ptr [ebp-2Ch] 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590529 second address: 559052D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559052D second address: 559054A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559054A second address: 5590580 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b jmp 00007FF1610B867Ch 0x00000010 mov esi, 127937E1h 0x00000015 popad 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FF1610B867Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590580 second address: 5590592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D070Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590592 second address: 55905CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, esi 0x00000009 jmp 00007FF1610B8687h 0x0000000e nop 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FF1610B8685h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55905CA second address: 5590675 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, edx 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007FF1610D0712h 0x0000000f call 00007FF1610D0712h 0x00000014 pop eax 0x00000015 pop edi 0x00000016 jmp 00007FF1610D0710h 0x0000001b popad 0x0000001c nop 0x0000001d jmp 00007FF1610D0710h 0x00000022 xchg eax, ebx 0x00000023 pushad 0x00000024 jmp 00007FF1610D070Eh 0x00000029 pushfd 0x0000002a jmp 00007FF1610D0712h 0x0000002f jmp 00007FF1610D0715h 0x00000034 popfd 0x00000035 popad 0x00000036 push eax 0x00000037 jmp 00007FF1610D0711h 0x0000003c xchg eax, ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 mov di, 887Eh 0x00000044 mov dx, AE8Ah 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55906A8 second address: 55906DC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF1610B867Fh 0x00000009 and ax, E33Eh 0x0000000e jmp 00007FF1610B8689h 0x00000013 popfd 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55906DC second address: 55906EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov esi, eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55906EA second address: 55906F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, ebx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55906F1 second address: 559072A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FF1610D070Eh 0x00000008 mov esi, 4BCBE781h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 test esi, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 jmp 00007FF1610D0719h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559072A second address: 559072F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559072F second address: 5590008 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 289BF9E0h 0x00000008 mov dx, D40Ch 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007FF1D15DE61Dh 0x00000015 xor eax, eax 0x00000017 jmp 00007FF1610A9E3Ah 0x0000001c pop esi 0x0000001d pop edi 0x0000001e pop ebx 0x0000001f leave 0x00000020 retn 0004h 0x00000023 nop 0x00000024 sub esp, 04h 0x00000027 mov edi, eax 0x00000029 xor ebx, ebx 0x0000002b cmp edi, 00000000h 0x0000002e je 00007FF1610D0814h 0x00000034 call 00007FF16576EB67h 0x00000039 mov edi, edi 0x0000003b push eax 0x0000003c push edx 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590008 second address: 559000C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559000C second address: 5590010 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590010 second address: 5590016 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590016 second address: 5590043 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF1610D0710h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov bx, si 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590043 second address: 5590049 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590049 second address: 559006C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FF1610D0718h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559006C second address: 55900B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B867Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007FF1610B8686h 0x00000010 xchg eax, ecx 0x00000011 jmp 00007FF1610B8680h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007FF1610B867Dh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55900B6 second address: 55900CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559016B second address: 559017B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610B867Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559017B second address: 559017F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559017F second address: 55901A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 leave 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FF1610B8689h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901A5 second address: 55901A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901A9 second address: 55901AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901AF second address: 55901B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55901B5 second address: 55901B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590C81 second address: 5590C87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590CB7 second address: 5590CE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8689h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test al, al 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e mov bx, 7A3Eh 0x00000012 mov eax, ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590CE0 second address: 5590CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590CE6 second address: 5590CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590CEA second address: 5590D0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007FF1D15C4399h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FF1610D0715h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5590D0F second address: 5590D46 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8681h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 cmp dword ptr [ebp+08h], 00002000h 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 call 00007FF1610B8686h 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A08D6 second address: 55A092B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007FF1610D0716h 0x0000000f mov ebp, esp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007FF1610D070Dh 0x0000001a or ecx, 39CAAC76h 0x00000020 jmp 00007FF1610D0711h 0x00000025 popfd 0x00000026 mov bx, cx 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A092B second address: 55A099D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, ECFEh 0x00000007 push edi 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d pushad 0x0000000e push ecx 0x0000000f movsx edx, si 0x00000012 pop esi 0x00000013 pushfd 0x00000014 jmp 00007FF1610B8685h 0x00000019 jmp 00007FF1610B867Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov dword ptr [esp], esi 0x00000023 jmp 00007FF1610B8686h 0x00000028 mov esi, dword ptr [ebp+0Ch] 0x0000002b jmp 00007FF1610B8680h 0x00000030 test esi, esi 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 jmp 00007FF1610B867Ah 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A099D second address: 55A09A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A09A1 second address: 55A09A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A09A7 second address: 55A0A18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D070Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FF1D15BE104h 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007FF1610D070Eh 0x00000016 add ecx, 0F7ABB18h 0x0000001c jmp 00007FF1610D070Bh 0x00000021 popfd 0x00000022 call 00007FF1610D0718h 0x00000027 movzx eax, bx 0x0000002a pop edx 0x0000002b popad 0x0000002c cmp dword ptr [75AF459Ch], 05h 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 mov dx, EB9Ah 0x0000003a jmp 00007FF1610D070Bh 0x0000003f popad 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0A18 second address: 55A0A93 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FF1610B867Fh 0x00000009 sbb cl, FFFFFFEEh 0x0000000c jmp 00007FF1610B8689h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007FF1610B8680h 0x00000018 add ecx, 140BF168h 0x0000001e jmp 00007FF1610B867Bh 0x00000023 popfd 0x00000024 popad 0x00000025 pop edx 0x00000026 pop eax 0x00000027 je 00007FF1D15BE09Fh 0x0000002d jmp 00007FF1610B8686h 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push ebx 0x00000037 pop esi 0x00000038 pushad 0x00000039 popad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0A93 second address: 55A0AB7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610D0714h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bx, cx 0x00000010 mov ax, 2F1Fh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0AB7 second address: 55A0B0C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FF1610B8685h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007FF1610B8683h 0x00000013 and esi, 569414CEh 0x00000019 jmp 00007FF1610B8689h 0x0000001e popfd 0x0000001f movzx ecx, dx 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0B0C second address: 55A0B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FF1610D0719h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0B6E second address: 55A0B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0B74 second address: 55A0B78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0B78 second address: 55A0B7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0BD0 second address: 55A0BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0BD6 second address: 55A0BE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 pushad 0x0000000a push edx 0x0000000b mov edi, esi 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0BE8 second address: 55A0BEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10E6C80 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 10C56E9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 11418B0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F18CF8 rdtsc 0_2_00F18CF8
Source: C:\Users\user\Desktop\file.exe TID: 3332 Thread sleep time: -34017s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 3304 Thread sleep time: -150000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2364 Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: discord.comVMware20,11696428655f
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: global block list test formVMware20,11696428655
Source: file.exe, 00000000.00000003.2112105362.0000000005F3C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279008440.000000000167E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: outlook.office.comVMware20,11696428655s
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: AMC password management pageVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: tasks.office.comVMware20,11696428655o
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: dev.azure.comVMware20,11696428655j
Source: file.exe, 00000000.00000002.2280194256.000000000161E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWP
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000003.2112105362.0000000005F3C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: YNVMware
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279008440.000000000167E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: file.exe, 00000000.00000003.2112299309.0000000005F2F000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F18CF8 rdtsc 0_2_00F18CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EFB480 LdrInitializeThunk, 0_2_00EFB480
Source: file.exe, file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 0ms`Program Manager
Source: file.exe, 00000000.00000002.2279773113.000000000109C000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: o0ms`Program Manager
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: file.exe, 00000000.00000003.2199711013.00000000016FF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199762679.0000000001704000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Source: file.exe, 00000000.00000003.2279294350.00000000016D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2279208809.00000000016D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2280434751.00000000016D5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2272354307.00000000016D5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: er\MsMpeng.exe
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct
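The anti-VM and anti-debugging evidence above is a long list of individual observations: chained RDTSC reads, BIOS and video-BIOS registry lookups, a Win32_BIOS WMI query, sleeps over the 30000 threshold, window-class probes for OllyDbg and the Sysinternals monitors, opens of the SoftICE devices NTICE/SICE/SIWVID, repeated ProcessDebugPort queries and ThreadHideFromDebugger. The strings naming Oreans.vxd and Software\WinLicense in the previous section point at a commercial protector as the likely source of those checks (Themida and WinLicense are Oreans products). The following added triage helper is not part of the report or of the sandbox's own tooling; it parses lines in this report's "Source: ..." format, buckets them by ATT&CK technique, and links the RDTSC pairs back into chains so an analyst can see how many distinct timing checks there are rather than how many rdtsc instructions. The technique mapping and the labels are my assumptions; the sample lines are copied from the report, with the instruction dumps abbreviated with "...".

```python
"""Triage helper: classify sandbox behaviour lines into evasion technique
buckets and reconstruct chained RDTSC timing checks.
Added example, not part of the report.  The ATT&CK mapping below is the
author's; the sample lines are taken from the report and abbreviated."""
import re
from collections import Counter, defaultdict

# Constructed sample in the report's line format (instruction dumps cut with '...').
SAMPLE_LINES = [
    r"Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A09A7 second address: 55A0A18 instructions: 0x00000000 rdtsc ...",
    r"Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0A18 second address: 55A0A93 instructions: 0x00000000 rdtsc ...",
    r"Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0A93 second address: 55A0AB7 instructions: 0x00000000 rdtsc ...",
    r"Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A0B6E second address: 55A0B74 instructions: 0x00000000 rdtsc ...",
    r"Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion",
    r"Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS",
    r"Source: C:\Users\user\Desktop\file.exe TID: 3304 Thread sleep time: -150000s >= -30000s",
    r"Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg",
    r"Source: C:\Users\user\Desktop\file.exe File opened: SICE",
    r"Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort",
    r"Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger",
    r"Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct",
]

# A report line is "Source: <path-without-spaces> <observation>".
ENTRY = re.compile(r"^Source: (?P<src>\S+) (?P<rest>.*)$")
RDTSC = re.compile(
    r"RDTSC instruction interceptor: First address: (?P<first>[0-9A-F]+) "
    r"second address: (?P<second>[0-9A-F]+)", re.IGNORECASE)

# (pattern over the observation text, ATT&CK technique, label).  First match wins.
# Technique assignment is an assumption of this example.
RULES = [
    (RDTSC, "T1497.003", "rdtsc timing check"),
    (re.compile(r"Thread sleep time: (?P<sleep>-?\d+)s >= (?P<threshold>-?\d+)s"), "T1497.003", "long sleep"),
    (re.compile(r"Registry key queried: .*name: (?P<value>SystemBiosVersion|VideoBiosVersion|DriverDesc)$"), "T1497.001", "VM fingerprint via registry"),
    (re.compile(r"WMI Queries: .*FROM Win32_BIOS$"), "T1497.001", "VM fingerprint via WMI"),
    (re.compile(r"WMI Queries: .*FROM AntiVirusProduct$"), "T1518.001", "security software discovery"),
    (re.compile(r"Open window title or class name: (?P<window>.+)$"), "T1622", "analysis tool window search"),
    (re.compile(r"File opened: (?P<device>NTICE|SICE|SIWVID)$"), "T1622", "SoftICE device probe"),
    (re.compile(r"Process queried: DebugPort$"), "T1622", "debugger check (ProcessDebugPort)"),
    (re.compile(r"Thread information set: HideFromDebugger$"), "T1622", "ThreadHideFromDebugger"),
]


def classify(lines):
    """Return (Counter of observations per technique, technique -> list of labels)."""
    counts = Counter()
    details = defaultdict(list)
    for line in lines:
        m = ENTRY.match(line.strip())
        if not m:
            continue
        rest = m.group("rest")
        for rx, technique, label in RULES:
            hit = rx.search(rest)
            if hit:
                extra = ", ".join(f"{k}={v}" for k, v in hit.groupdict().items() if v)
                details[technique].append(f"{label} ({extra})" if extra else label)
                counts[technique] += 1
                break
    return counts, dict(details)


def rdtsc_chains(lines):
    """Link pairs whose second address is the next pair's first address.
    Each chain is one timing check that samples the counter repeatedly
    around blocks of junk instructions; the chain count is the number of
    distinct checks, which is what matters for triage."""
    nxt = {}
    for line in lines:
        m = RDTSC.search(line)
        if m:
            nxt[m.group("first").upper()] = m.group("second").upper()
    seconds = set(nxt.values())
    chains = []
    for start in nxt:                      # dict keeps report order
        if start in seconds:
            continue                       # not a chain head
        chain = [start]
        while chain[-1] in nxt and nxt[chain[-1]] not in chain:
            chain.append(nxt[chain[-1]])
        chains.append(chain)
    return chains


if __name__ == "__main__":
    counts, details = classify(SAMPLE_LINES)
    for technique, n in sorted(counts.items()):
        print(f"{technique}: {n} observation(s)")
        for d in details[technique]:
            print(f"    {d}")
    for chain in rdtsc_chains(SAMPLE_LINES):
        print("rdtsc chain:", " -> ".join(chain))
```

Run against the full report text, the RDTSC lines above collapse into a handful of chains (55A09A7 through 55A0B29, 55A0B6E through 55A0B7C, 55A0BD0 through 55A0BEC), which is the figure worth putting in a triage note; the negative sleep values are kept as the report prints them rather than reinterpreted.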

Stealing of Sensitive Information

Source: Yara match File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Wallets/Electrum
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: s/ElectronCash
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Jaxx Liberty209715
Source: file.exe, 00000000.00000002.2280254483.000000000167E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: window-state.json
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: Chrome/Default/Extensions/ExodusWeb3yance
Source: file.exe, 00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: g\Ethereum
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe, 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: keystore
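The wallet strings above and the file opens recorded in the rest of this section show the stealer's collection pattern: one non-browser process reads Chrome and Edge "Login Data", "Web Data", "History" and "Network\Cookies", the Firefox profile's logins.json, cert9.db, cookies.sqlite, places.sqlite and formhistory.sqlite, and sweeps dozens of "Local Extension Settings" and "Sync Extension Settings" directories by extension ID, which is where wallet extensions keep their vaults. The added detection logic below is not from the report; it runs over constructed file-access events (process image, pid, path) in the shape an EDR or object-access audit feed would give, and flags a process that is not itself a browser yet touches several credential stores, several extension stores, or more than one browser. The thresholds are my assumptions; the extension IDs in the sample events are taken from the report's file-open list and are not mapped to wallet names here.

```python
"""Detect stealer-style browser credential and wallet-extension harvesting
in file-access telemetry.  Added example, not part of the report.
Events are constructed inline; thresholds are the author's assumptions."""
import re
from collections import defaultdict

# Browsers reading their own profiles are normal; everything else is suspect.
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}

CHROMIUM_STORE = re.compile(
    r"\\(?P<browser>Google\\Chrome|Microsoft\\Edge|BraveSoftware\\Brave-Browser)\\User Data\\[^\\]+\\"
    r"(?P<store>Login Data For Account|Login Data|Web Data|History|Network\\Cookies)$",
    re.IGNORECASE)
FIREFOX_STORE = re.compile(
    r"\\Mozilla\\Firefox\\Profiles\\[^\\]+\\"
    r"(?P<store>logins\.json|key4\.db|cert9\.db|cookies\.sqlite|places\.sqlite|formhistory\.sqlite)$",
    re.IGNORECASE)
# Extension storage directories are named by the 32-letter (a-p) extension ID;
# the report also lists a few 31-letter names, so the range is kept loose.
EXT_SETTINGS = re.compile(
    r"\\User Data\\[^\\]+\\(?:Local|Sync) Extension Settings\\(?P<ext>[a-p]{30,32})$",
    re.IGNORECASE)

# Thresholds (assumptions): tune against your own baseline.
MIN_CRED_STORES = 2   # distinct password/cookie/history stores read by one process
MIN_EXT_DIRS = 3      # distinct extension storage dirs opened by one process
MIN_BROWSERS = 2      # distinct browsers touched by one process


def analyze(events):
    """events: iterable of {"pid", "image", "path"}.
    Returns {(pid, image): finding} for non-browser processes that look like a stealer."""
    per_proc = defaultdict(lambda: {"stores": set(), "exts": set(), "browsers": set()})
    for ev in events:
        image = ev["image"].lower()
        if image in BROWSER_PROCESSES:
            continue
        rec = per_proc[(ev["pid"], image)]
        path = ev["path"]
        m = CHROMIUM_STORE.search(path)
        if m:
            rec["browsers"].add(m.group("browser").lower())
            rec["stores"].add(f'{m.group("browser")}\\{m.group("store")}'.lower())
            continue
        m = FIREFOX_STORE.search(path)
        if m:
            rec["browsers"].add("firefox")
            rec["stores"].add(f'firefox\\{m.group("store")}'.lower())
            continue
        m = EXT_SETTINGS.search(path)
        if m:
            rec["exts"].add(m.group("ext").lower())

    findings = {}
    for key, rec in per_proc.items():
        reasons = []
        if len(rec["stores"]) >= MIN_CRED_STORES:
            reasons.append(f"reads {len(rec['stores'])} browser credential/session stores")
        if len(rec["exts"]) >= MIN_EXT_DIRS:
            reasons.append(f"enumerates {len(rec['exts'])} extension storage dirs (wallet sweep)")
        if len(rec["browsers"]) >= MIN_BROWSERS:
            reasons.append(f"touches {len(rec['browsers'])} browsers")
        if reasons:
            findings[key] = {"reasons": reasons,
                             "stores": sorted(rec["stores"]),
                             "extensions": sorted(rec["exts"])}
    return findings


# Constructed events mirroring paths from this report, plus benign noise.
U = r"C:\Users\user\AppData"
SAMPLE_EVENTS = [
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Web Data"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Network\Cookies"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Microsoft\Edge\User Data\Default\Login Data"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph"},
    {"pid": 4208, "image": "file.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai"},
    # benign: the browser itself, and an unrelated process touching one file
    {"pid": 1200, "image": "chrome.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Login Data"},
    {"pid": 1200, "image": "chrome.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn"},
    {"pid": 980, "image": "explorer.exe", "path": U + r"\Local\Google\Chrome\User Data\Default\History"},
]

if __name__ == "__main__":
    for (pid, image), f in analyze(SAMPLE_EVENTS).items():
        print(f"ALERT {image} pid={pid}: " + "; ".join(f["reasons"]))
        print("  stores:", f["stores"])
        print("  extensions:", f["extensions"])
```

A caveat on the data source: Sysmon records file creation (Event ID 11), not plain reads, so this needs EDR file-access telemetry or SACL-based object-access auditing (Security event 4663) on the profile directories to fire on the opens this report lists. A single store read by a backup agent will not trip the thresholds; the breadth across stores, extension IDs and browsers is the signal.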
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cert9.db
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\abogmiocnneedmmepnohnhlijcjpcifd
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.json
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\key4.db Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPbox Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPGetter Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPInfo Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\ProgramData\SiteDesigner\3D-FTP Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\FTPRush Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Ledger Live Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Binance Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\BJZFPPWAPT Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\BJZFPPWAPT Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\BJZFPPWAPT Jump to behavior
Source: C:\Users\user\Desktop\file.exe Directory queried: C:\Users\user\Documents\BJZFPPWAPT Jump to behavior
Source: Yara match File source: 00000000.00000003.2089970639.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2112827223.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2089565968.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2174142658.00000000016EA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134348789.00000000016DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2111788836.00000000016DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2174167356.00000000016F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2134730644.00000000016DC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.2171451535.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: Process Memory Space: file.exe PID: 4208, type: MEMORYSTR
Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: decrypted.memstr, type: MEMORYSTR