Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1526904
MD5:	b6ef24e90b59608f2b6765e5f07ad8e3
SHA1:	b3b4539c0c6bf4027df6a9bac4a84afa51ca105c
SHA256:	5b8c002435003ad4e6a178b9aaef6e398d6491ff080857550deb71fbfefb3a9d
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6100.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["spirittunek.stor", "mobbipenju.stor", "bathdoomgaz.stor", "clearancek.site", "eaglepawnoy.stor", "studennotediw.stor", "dissapoiznw.stor", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00AF695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00ABFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00AEF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00ACB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00AF1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00ACD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00AF7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00AEB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00AF67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00AF7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00AB49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00AF3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00ACD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00AB5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00AE0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00AEFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00AD7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00ADEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00AB6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00AC0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AD5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00ACFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AD9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AEFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:57909 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:55805 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:65336 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:53670 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:63037 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59721 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:53801 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:61232 -> 1.1.1.1:53

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: spirittunek.stor
Source: Malware configuration extractor	URLs: mobbipenju.stor
Source: Malware configuration extractor	URLs: bathdoomgaz.stor
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.stor
Source: Malware configuration extractor	URLs: studennotediw.stor
Source: Malware configuration extractor	URLs: dissapoiznw.stor
Source: Malware configuration extractor	URLs: licendfilteo.site

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: /login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https:/ equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=55ee334b130c2eef734da2b0; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 06 Oct 2024 15:48:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apibcryptPrimitives.dll
Source: file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dissapoiznw.store:443/apiW
Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/g
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/p
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1759661432.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.00000000005E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900p
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900_
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0228	0_2_00AC0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA0D0	0_2_00AFA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2030	0_2_00AC2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1000	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4040	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7	0_2_00C791C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE1A0	0_2_00ABE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB71F0	0_2_00AB71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74103	0_2_00C74103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB5160	0_2_00AB5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA92FE	0_2_00BA92FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB12F7	0_2_00AB12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE82D0	0_2_00AE82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE12D0	0_2_00AE12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB13A3	0_2_00AB13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB3A0	0_2_00ABB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE23E0	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA300	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4487	0_2_00AC4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC049B	0_2_00AC049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE64F0	0_2_00AE64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C88446	0_2_00C88446
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF40E	0_2_00BBF40E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC470	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB35B0	0_2_00AB35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D515F5	0_2_00D515F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACC5F0	0_2_00ACC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF86F0	0_2_00AF86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C776AA	0_2_00C776AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF620	0_2_00AEF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0F601	0_2_00C0F601
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB164F	0_2_00AB164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8652	0_2_00AF8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C807C4	0_2_00C807C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4725	0_2_00BE4725
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE8A0	0_2_00AEE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C818FB	0_2_00C818FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD78DA	0_2_00BD78DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB8C0	0_2_00AEB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1860	0_2_00AE1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9983D	0_2_00D9983D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF89A0	0_2_00AF89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD098B	0_2_00AD098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B349C3	0_2_00B349C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E93D	0_2_00B4E93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86935	0_2_00C86935
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE9ACD	0_2_00CE9ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7AB0	0_2_00AF7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8A80	0_2_00AF8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8BA24	0_2_00C8BA24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4A40	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7BF0	0_2_00AB7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACDB6F	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6CBF	0_2_00AF6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C75C84	0_2_00C75C84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADCCD0	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8C02	0_2_00AF8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADDD29	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADFD10	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8D62	0_2_00AD8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6EBF	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBEB0	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4E2A	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8E70	0_2_00AF8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADAE57	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7FC0	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8FD0	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAF10	0_2_00ABAF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84F0F	0_2_00C84F0F

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ACD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ABCAA0 appears 48 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9996067966171617
Source: file.exe	Static PE information: Section: psmjilnq ZLIB complexity 0.993955830667956

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE8220 CoCreateInstance,

0_2_00AE8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 1890816 > 1048576

Source: file.exe

Static PE information: Raw size of psmjilnq is bigger than: 0x100000 < 0x1a4200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ab0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;psmjilnq:EW;fwpdehgj:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;psmjilnq:EW;fwpdehgj:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1cf52f should be: 0x1db74e

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: psmjilnq
Source: file.exe	Static PE information: section name: fwpdehgj
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE30C5 push 7FAAED32h; mov dword ptr [esp], ebx	0_2_00CE30D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push eax; mov dword ptr [esp], 1FDE62F2h	0_2_00BFD0FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push ecx; mov dword ptr [esp], esi	0_2_00BFD198
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push 0E1849C4h; mov dword ptr [esp], ecx	0_2_00BFD1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D960BA push ebx; mov dword ptr [esp], edx	0_2_00D960FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E0A1 push ebp; mov dword ptr [esp], edx	0_2_00D5E0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E0A1 push 42844BFFh; mov dword ptr [esp], edi	0_2_00D5E115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D51071 push esi; mov dword ptr [esp], edi	0_2_00D51117
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D51071 push 22B602B0h; mov dword ptr [esp], ebx	0_2_00D51131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE06B push ebp; mov dword ptr [esp], eax	0_2_00CEE0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2501B push eax; mov dword ptr [esp], edx	0_2_00D25040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2501B push edx; mov dword ptr [esp], ecx	0_2_00D2505C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D76007 push 3F6DD215h; mov dword ptr [esp], esi	0_2_00D760A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 4D79080Dh; mov dword ptr [esp], edx	0_2_00C7922D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], esi	0_2_00C79272
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edx; mov dword ptr [esp], edi	0_2_00C792F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push esi; mov dword ptr [esp], 66CA1803h	0_2_00C79338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push esi; mov dword ptr [esp], eax	0_2_00C7941E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 2838B974h; mov dword ptr [esp], edi	0_2_00C79444
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], eax	0_2_00C794E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 59B12189h; mov dword ptr [esp], esp	0_2_00C794EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], ebx	0_2_00C79530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 0BC444EBh; mov dword ptr [esp], eax	0_2_00C795A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebp; mov dword ptr [esp], esi	0_2_00C795B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edx; mov dword ptr [esp], edi	0_2_00C795D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push eax; mov dword ptr [esp], ebp	0_2_00C795EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 223118A5h; mov dword ptr [esp], eax	0_2_00C79639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebp; mov dword ptr [esp], 5A95CC42h	0_2_00C79642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 484C72CAh; mov dword ptr [esp], esi	0_2_00C79656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebx; mov dword ptr [esp], 668C6272h	0_2_00C79668
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edi; mov dword ptr [esp], edx	0_2_00C796C6

Source: file.exe	Static PE information: section name: entropy: 7.9848772918639925
Source: file.exe	Static PE information: section name: psmjilnq entropy: 7.954517052404453

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9258D second address: C92593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C92593 second address: C9259C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9259C second address: C925A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C918D4 second address: C918D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C918D9 second address: C918DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91B62 second address: C91B68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CA4 second address: C91CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F7D80D626BFh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CB8 second address: C91CCD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7D81146DDCh 0x00000008 jns 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CCD second address: C91CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jl 00007F7D80D626B6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CDA second address: C91CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CDF second address: C91CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CE7 second address: C91CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C949E2 second address: C94A4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F7D80D626BBh 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007F7D80D626C3h 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push edi 0x0000001e jl 00007F7D80D626BCh 0x00000024 jo 00007F7D80D626B6h 0x0000002a pop edi 0x0000002b pop eax 0x0000002c mov ecx, 072D6171h 0x00000031 lea ebx, dword ptr [ebp+124547E1h] 0x00000037 mov dword ptr [ebp+122D39B2h], edi 0x0000003d mov si, di 0x00000040 xchg eax, ebx 0x00000041 jl 00007F7D80D626C4h 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94A4C second address: C94A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7D81146DD6h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94A5D second address: C94A6B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899E0 second address: C899EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899EA second address: C899EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899EE second address: C89A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7D81146DE0h 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4135 second address: CB4146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626BBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4146 second address: CB414A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB414A second address: CB414E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB414E second address: CB4154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB42C1 second address: CB42CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB42CB second address: CB42CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB485E second address: CB4862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B5E second address: CB4B7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F7D81146DDAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B7D second address: CB4B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B87 second address: CB4B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B99 second address: CB4BA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007F7D80D626B6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4E44 second address: CB4E4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FA6 second address: CB4FB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F7D80D626BCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FB6 second address: CB4FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FBA second address: CB5016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7D80D626C9h 0x00000010 pushad 0x00000011 jmp 00007F7D80D626BDh 0x00000016 push edx 0x00000017 pop edx 0x00000018 jo 00007F7D80D626B6h 0x0000001e jmp 00007F7D80D626C0h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB514E second address: CB5156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C78D15 second address: C78D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7D80D626B6h 0x0000000a pushad 0x0000000b jmp 00007F7D80D626BFh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5272 second address: CB52A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F7D81146DE0h 0x0000000b popad 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f jno 00007F7D81146DD6h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jmp 00007F7D81146DDBh 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52A4 second address: CB52AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52AE second address: CB52C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5852 second address: CB5856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5856 second address: CB5884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE4h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F7D81146DE4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5884 second address: CB5888 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5888 second address: CB588E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5B09 second address: CB5B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jnl 00007F7D80D626C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7D80D626C4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CA1 second address: CB5CA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CA5 second address: CB5CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F7D80D626B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CB3 second address: CB5CBD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CBD second address: CB5CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CC3 second address: CB5CC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F97 second address: CB5FA1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D80D626B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5FA1 second address: CB5FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7D81146DE9h 0x0000000c jbe 00007F7D81146DD6h 0x00000012 ja 00007F7D81146DD6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5FCE second address: CB6001 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C9h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7D80D626C4h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6001 second address: CB600B instructions: 0x00000000 rdtsc 0x00000002 js 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84A0D second address: C84A32 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7D80D626B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c jnp 00007F7D80D626B6h 0x00000012 jmp 00007F7D80D626BDh 0x00000017 pop ebx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD88E second address: CBD899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7D81146DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDF32 second address: CBDF36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE13D second address: CBE142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C864AC second address: C864B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E55 second address: CC0E82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE5h 0x00000007 jmp 00007F7D81146DE0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E82 second address: CC0E87 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E87 second address: CC0E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E8D second address: CC0E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1179 second address: CC118F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC118F second address: CC119E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC119E second address: CC11A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC11A2 second address: CC11B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7D80D626B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC11B6 second address: CC11C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC2CC6 second address: CC2CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC2CCE second address: CC2CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4C3E second address: CC4C42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC58B5 second address: CC58BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6660 second address: CC666A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FC9 second address: CC6FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FDF second address: CC6FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82E4 second address: CC82E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FE5 second address: CC6FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82E9 second address: CC82F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82F3 second address: CC82F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA408 second address: CCA427 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA1FB second address: CCA216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC96FE second address: CC9703 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA427 second address: CCA42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9703 second address: CC9727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jnp 00007F7D81146DE3h 0x0000000f jmp 00007F7D81146DDDh 0x00000014 push eax 0x00000015 push edx 0x00000016 jns 00007F7D81146DD6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA42B second address: CCA42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF188 second address: CCF18D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2EFD second address: CD2F01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2F01 second address: CD2F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3F6F second address: CD3F8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1FF3 second address: CD1FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD30F5 second address: CD30F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD30F9 second address: CD318C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007F7D81146DD8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 0000001Dh 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov bh, 66h 0x00000023 push dword ptr fs:[00000000h] 0x0000002a mov ebx, dword ptr [ebp+122D5AF5h] 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F7D81146DD8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 stc 0x00000052 mov eax, dword ptr [ebp+122D071Dh] 0x00000058 jnl 00007F7D81146DDCh 0x0000005e movsx edi, ax 0x00000061 push FFFFFFFFh 0x00000063 add bl, 0000000Ch 0x00000066 push eax 0x00000067 jnp 00007F7D81146DF3h 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F7D81146DE1h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD318C second address: CD3190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD60AB second address: CD60B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F7D81146DD6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6EA2 second address: CD6EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6EAE second address: CD6EB4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD60B8 second address: CD6158 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jc 00007F7D80D626BCh 0x00000013 xor ebx, dword ptr [ebp+122D19F2h] 0x00000019 push dword ptr fs:[00000000h] 0x00000020 and bh, 00000078h 0x00000023 jmp 00007F7D80D626C1h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+122D1AEDh], esi 0x00000035 call 00007F7D80D626C8h 0x0000003a pop edi 0x0000003b mov eax, dword ptr [ebp+122D1191h] 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007F7D80D626B8h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 00000018h 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b mov ebx, dword ptr [ebp+12482E5Fh] 0x00000061 push FFFFFFFFh 0x00000063 mov edi, 067C8F9Bh 0x00000068 push eax 0x00000069 push ecx 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6158 second address: CD615C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9036 second address: CD903C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD819D second address: CD81A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD903C second address: CD90B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 je 00007F7D80D626B6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jng 00007F7D80D626BEh 0x00000015 push eax 0x00000016 jc 00007F7D80D626B6h 0x0000001c pop eax 0x0000001d nop 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F7D80D626B8h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 mov dword ptr [ebp+12453598h], ecx 0x0000003e push 00000000h 0x00000040 mov edi, dword ptr [ebp+122D39FDh] 0x00000046 push 00000000h 0x00000048 mov bl, EAh 0x0000004a xchg eax, esi 0x0000004b push ecx 0x0000004c jmp 00007F7D80D626C3h 0x00000051 pop ecx 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 je 00007F7D80D626B8h 0x0000005b pushad 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA04A second address: CDA04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA04E second address: CDA057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA057 second address: CDA0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7D81146DDEh 0x0000000c nop 0x0000000d mov ebx, 0A06A3BAh 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F7D81146DD8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov dword ptr [ebp+12480C29h], ebx 0x00000034 push 00000000h 0x00000036 mov di, 3D41h 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c push eax 0x0000003d jp 00007F7D81146DD6h 0x00000043 pop eax 0x00000044 push ecx 0x00000045 jmp 00007F7D81146DDEh 0x0000004a pop ecx 0x0000004b popad 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jnl 00007F7D81146DDCh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA0CF second address: CDA0D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDBF68 second address: CDC02E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F7D81146DD8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov di, 6653h 0x00000028 call 00007F7D81146DDDh 0x0000002d call 00007F7D81146DE9h 0x00000032 mov edi, dword ptr [ebp+122D190Dh] 0x00000038 pop ebx 0x00000039 pop edi 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F7D81146DD8h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Bh 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 push 00000000h 0x00000058 mov bx, di 0x0000005b xchg eax, esi 0x0000005c jmp 00007F7D81146DE6h 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 jmp 00007F7D81146DDDh 0x0000006a jnp 00007F7D81146DD6h 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB252 second address: CDB269 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F7D80D626B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB269 second address: CDB291 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7D81146DE8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB291 second address: CDB297 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB297 second address: CDB2B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD92B7 second address: CD92BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0E0 second address: CDE0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0E5 second address: CDE11D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D80D626C2h 0x00000008 jmp 00007F7D80D626C9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD26C second address: CDD270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD270 second address: CDD315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F7D80D626BCh 0x0000000c popad 0x0000000d nop 0x0000000e mov edi, edx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F7D80D626B8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 jmp 00007F7D80D626C1h 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F7D80D626B8h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 0000001Ah 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 add bl, 0000007Dh 0x0000005a mov eax, dword ptr [ebp+122D0635h] 0x00000060 jmp 00007F7D80D626C0h 0x00000065 push FFFFFFFFh 0x00000067 jmp 00007F7D80D626C1h 0x0000006c push eax 0x0000006d push edi 0x0000006e push eax 0x0000006f push edx 0x00000070 push edx 0x00000071 pop edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC20D second address: CDC218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE32B second address: CDE32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE32F second address: CDE355 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2143 second address: CE2152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F7D80D626B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2152 second address: CE2156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2156 second address: CE215A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE215A second address: CE2160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CFA5 second address: C8CFA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CFA9 second address: C8CFCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE0h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7D81146DDEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DD4F second address: C7DD6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C5h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9607 second address: CE960B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE976C second address: CE9772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9772 second address: CE9776 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9776 second address: CE978A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC1B7 second address: CEC1BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF065A second address: CF0681 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7D80D626C6h 0x00000008 jmp 00007F7D80D626C0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 je 00007F7D80D626BCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0681 second address: CF0689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0689 second address: CF068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF068D second address: CF06A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7D81146DE0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0779 second address: CF077F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF077F second address: CF0783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0783 second address: CF0787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF08E8 second address: CF0956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7D81146DE6h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jne 00007F7D81146DDEh 0x00000019 mov eax, dword ptr [eax] 0x0000001b jnl 00007F7D81146DE4h 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F7D81146DE4h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0956 second address: CF0960 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B524 second address: C8B52E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B52E second address: C8B54E instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F7D80D626C0h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5307 second address: CF5311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF58D7 second address: CF58E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF58E1 second address: CF58E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5CFE second address: CF5D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF6265 second address: CF6271 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7D81146DD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE5F3 second address: CFE5FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7D80D626B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE767 second address: CFE7A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F7D81146DEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jbe 00007F7D81146DD6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE7A4 second address: CFE7A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE8E3 second address: CFE8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE8EE second address: CFE90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC3A second address: CFEC3F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE2ED second address: CFE2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE2F6 second address: CFE312 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7D81146DE5h 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE312 second address: CFE32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F7D80D626B6h 0x00000012 jp 00007F7D80D626B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE32A second address: CFE352 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDDh 0x00000007 jbe 00007F7D81146DD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F7D81146DDEh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF075 second address: CFF079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF079 second address: CFF089 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jbe 00007F7D81146DD6h 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF089 second address: CFF0A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF1FB second address: CFF20E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7D81146DDDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF367 second address: CFF36C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF36C second address: CFF382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF639 second address: CFF63D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF63D second address: CFF658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DDBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F7D81146DD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF658 second address: CFF66A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF66A second address: CFF699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F7D81146DDAh 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7D81146DE7h 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF699 second address: CFF6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF6A0 second address: CFF6B6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D81146DDCh 0x00000008 jo 00007F7D81146DDEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0418D second address: D041B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jne 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F7D80D626BEh 0x00000012 popad 0x00000013 jnp 00007F7D80D626C0h 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04469 second address: D0446F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04739 second address: D0473F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04878 second address: D0489D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F7D81146DEBh 0x00000010 jmp 00007F7D81146DE5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0489D second address: D048A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F7D80D626B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D048A8 second address: D048B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007F7D81146DF1h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D048B7 second address: D04906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F7D80D626C7h 0x00000011 jmp 00007F7D80D626C7h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04A63 second address: D04A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D01 second address: D04D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D07 second address: D04D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D1D second address: D04D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D23 second address: D04D38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 js 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007F7D81146DD6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D38 second address: D04D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7D80D626B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABADC second address: CABAE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABAE0 second address: CABAE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABAE4 second address: CABAEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82F8D second address: C82FAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F7D80D626B6h 0x00000009 jmp 00007F7D80D626C4h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FAC second address: C82FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007F7D81146DDCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FBE second address: C82FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D80D626BEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03D0B second address: D03D34 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7D81146DDEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jne 00007F7D81146DD6h 0x00000010 push esi 0x00000011 jmp 00007F7D81146DE6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0847B second address: D08492 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D9E2 second address: D0D9E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D9E6 second address: D0DA19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7D80D626C4h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jc 00007F7D80D626B6h 0x00000015 pop edx 0x00000016 jnc 00007F7D80D626BEh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DA19 second address: D0DA34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE5h 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD6F1 second address: CCD6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD47 second address: CCDD86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7D81146DE4h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 47EF91FBh 0x00000012 mov cx, 79CDh 0x00000016 push ecx 0x00000017 pushad 0x00000018 mov ecx, 7E957AB7h 0x0000001d push edx 0x0000001e pop ecx 0x0000001f popad 0x00000020 pop edi 0x00000021 push 4F9648D7h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jns 00007F7D81146DD6h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD86 second address: CCDD8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD8A second address: CCDD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDEE3 second address: CCDEEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F7D80D626B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDEEE second address: CCDF27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F7D81146DD8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F7D81146DDAh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE032 second address: CCE046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jl 00007F7D80D626C8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE046 second address: CCE04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE04A second address: CCE04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE1E2 second address: CCE206 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F7D81146DD8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F7D81146DDFh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE206 second address: CCE20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE9B2 second address: CCEA00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007F7D81146DDEh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F7D81146DE2h 0x00000019 mov eax, dword ptr [eax] 0x0000001b jmp 00007F7D81146DDCh 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push ecx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEA92 second address: CCEAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7D80D626BAh 0x0000000c nop 0x0000000d lea eax, dword ptr [ebp+1248D47Eh] 0x00000013 mov ecx, dword ptr [ebp+122D24ADh] 0x00000019 nop 0x0000001a push ecx 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEAB5 second address: CCEAC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEAC0 second address: CABADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor ecx, dword ptr [ebp+122D2C4Fh] 0x0000000d lea eax, dword ptr [ebp+1248D43Ah] 0x00000013 jmp 00007F7D80D626BBh 0x00000018 push eax 0x00000019 jmp 00007F7D80D626BBh 0x0000001e mov dword ptr [esp], eax 0x00000021 jmp 00007F7D80D626C7h 0x00000026 call dword ptr [ebp+122D5A7Eh] 0x0000002c js 00007F7D80D626E7h 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F7D80D626BBh 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D112C4 second address: D112E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D81146DE9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1155D second address: D11561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D11561 second address: D1156C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1156C second address: D11572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D11AD3 second address: D11ADE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149D1 second address: D149D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149D5 second address: D149F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F7D81146DD6h 0x0000000e jmp 00007F7D81146DE5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172DF second address: D172EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7D80D626B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172EB second address: D172F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 js 00007F7D81146DD6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172F8 second address: D17300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C1C4 second address: D1C1C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C2FF second address: D1C305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C305 second address: D1C309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C309 second address: D1C319 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C4A3 second address: D1C4A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1FDDF second address: D1FDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007F7D80D626C3h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1FDFC second address: D1FE04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2048E second address: D20492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D20492 second address: D20496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D205E3 second address: D205E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75727 second address: C7572D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250A2 second address: D250A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250A8 second address: D250AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250AC second address: D250B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250B2 second address: D250D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jnl 00007F7D81146DDEh 0x00000011 pushad 0x00000012 je 00007F7D81146DD6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25233 second address: D25242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007F7D80D626BCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25389 second address: D2538F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2538F second address: D253AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jbe 00007F7D80D626B6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 js 00007F7D80D626B6h 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2551C second address: D25522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25522 second address: D2553D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7D80D626BAh 0x00000008 pushad 0x00000009 jo 00007F7D80D626B6h 0x0000000f jg 00007F7D80D626B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26556 second address: D26560 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F666 second address: D2F679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D80B second address: D2D823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D823 second address: D2D83E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F7D80D626B6h 0x00000009 jnl 00007F7D80D626B6h 0x0000000f jc 00007F7D80D626B6h 0x00000015 popad 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D998 second address: D2D99C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D99C second address: D2D9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F7D80D626BCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2DDF2 second address: D2DDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E5F9 second address: D2E60B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7D80D626B8h 0x00000008 jc 00007F7D80D626C2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E60B second address: D2E611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E8C6 second address: D2E8F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F7D80D626D1h 0x0000000b popad 0x0000000c pushad 0x0000000d jng 00007F7D80D626BCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EE1D second address: D2EE39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007F7D81146DD6h 0x0000000c popad 0x0000000d jnp 00007F7D81146DDCh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EE39 second address: D2EE43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2DC second address: D2F2F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2F1 second address: D2F2FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2FA second address: D2F300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F300 second address: D2F31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7D80D626B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7D80D626BEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30D08 second address: D30D20 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7D81146DDDh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30D20 second address: D30D24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34C51 second address: D34C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34C55 second address: D34C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D33F11 second address: D33F21 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D81146DD6h 0x00000008 jno 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D340C1 second address: D340C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D340C7 second address: D340CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34241 second address: D34245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34545 second address: D34549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34549 second address: D3455F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7D80D626BAh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D396F1 second address: D396FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4054F second address: D40553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40553 second address: D40571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F7D81146DE2h 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F7D81146DDAh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40571 second address: D4057B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7D80D626BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4057B second address: D40586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40586 second address: D4058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4058C second address: D40597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D81146DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40597 second address: D405B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D405B5 second address: D405B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40BEB second address: D40BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40BEF second address: D40C29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE2h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7D81146DE3h 0x0000000e jmp 00007F7D81146DE1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40F14 second address: D40F18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41318 second address: D4131C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41A77 second address: D41A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41A8F second address: D41A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42206 second address: D4220C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B7D1 second address: D4B7D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B98F second address: D4B993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D591DC second address: D5920D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE0h 0x00000009 pop esi 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7D81146DE2h 0x00000013 je 00007F7D81146DD6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5B974 second address: D5B9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F7D80D626CBh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7D80D626C1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E162 second address: D5E167 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E167 second address: D5E186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F7D80D626C5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E186 second address: D5E18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D64121 second address: D6412E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F7D80D626BCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DD94 second address: D6DDB2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F7D81146DD6h 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F7D81146DD6h 0x00000018 ja 00007F7D81146DD6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDB2 second address: D6DDB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDB8 second address: D6DDD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE8h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDD5 second address: D6DDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DBE3 second address: D6DC13 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D81146DD6h 0x00000008 jng 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007F7D81146DEAh 0x00000016 pop edi 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DC13 second address: D6DC19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D752A9 second address: D752B3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D752B3 second address: D752D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7D80D626CAh 0x00000008 jmp 00007F7D80D626C2h 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ecx 0x00000010 jnl 00007F7D80D626B6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D75440 second address: D75444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79662 second address: D79666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97B96 second address: D97B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97B9C second address: D97BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97BA0 second address: D97BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D23 second address: D97D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D29 second address: D97D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE8h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F7D81146DDBh 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D58 second address: D97D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0A85 second address: DB0A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DDFh 0x00000009 pop ecx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0A9F second address: DB0AB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F7D80D626B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1373 second address: DB1378 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB17B6 second address: DB17D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D80D626BFh 0x00000008 jnl 00007F7D80D626B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB197C second address: DB1981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB784E second address: DB7852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7852 second address: DB78C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7D81146DE0h 0x0000000c jng 00007F7D81146DD6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F7D81146DDDh 0x0000001a nop 0x0000001b pushad 0x0000001c or esi, dword ptr [ebp+122D1A07h] 0x00000022 popad 0x00000023 push dword ptr [ebp+1246703Eh] 0x00000029 call 00007F7D81146DE9h 0x0000002e sub edx, dword ptr [ebp+1250DD0Bh] 0x00000034 pop edx 0x00000035 call 00007F7D81146DD9h 0x0000003a je 00007F7D81146DF2h 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB78C0 second address: DB78FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F7D80D626C1h 0x00000014 popad 0x00000015 pop edx 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB78FA second address: DB790D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB790D second address: DB7939 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F7D80D626BCh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7D80D626C4h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB92EA second address: DB92EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8EB3 second address: DB8ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7D80D626C5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8ED8 second address: DB8EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF0F second address: DBAF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F7D80D626B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF1E second address: DBAF22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF22 second address: DBAF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF38 second address: DBAF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF3E second address: DBAF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF46 second address: DBAF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90C47 second address: 4A90CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b jmp 00007F7D80D626BEh 0x00000010 jns 00007F7D80D626F0h 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F7D80D626BEh 0x0000001d or cx, 6AD8h 0x00000022 jmp 00007F7D80D626BBh 0x00000027 popfd 0x00000028 mov ax, FD8Fh 0x0000002c popad 0x0000002d add eax, ecx 0x0000002f jmp 00007F7D80D626C2h 0x00000034 mov eax, dword ptr [eax+00000860h] 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F7D80D626C7h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CC7 second address: 4A90CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CCD second address: 4A90CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CD1 second address: 4A90CD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CD5 second address: 4A90CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edx, ecx 0x0000000f mov ebx, eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CE7 second address: 4A90D69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7D81146DE7h 0x00000009 jmp 00007F7D81146DE3h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 je 00007F7DF22ACE1Ah 0x0000001a pushad 0x0000001b mov bh, ah 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F7D81146DDDh 0x00000024 sub al, 00000046h 0x00000027 jmp 00007F7D81146DE1h 0x0000002c popfd 0x0000002d mov dx, cx 0x00000030 popad 0x00000031 popad 0x00000032 test byte ptr [eax+04h], 00000005h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F7D81146DE4h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D69 second address: 4A90D6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D6D second address: 4A90D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D73 second address: 4A90D79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D79 second address: 4A90D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC722F second address: CC723D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F7D80D626B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC746A second address: CC7489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7489 second address: CC7493 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B115A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D51B2B instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1738065074.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759661432.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.000000000058E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1738065074.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759661432.00000000005F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW]
Source: file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF5BB0 LdrInitializeThunk,

0_2_00AF5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: GProgram Manager
Source: file.exe	Binary or memory string: Y!GProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	false

Contacted Domains

Name	IP	Active
steamcommunity.com	104.102.49.254	true
eaglepawnoy.store	unknown	unknown
bathdoomgaz.store	unknown	unknown
spirittunek.store	unknown	unknown
licendfilteo.site	unknown	unknown
studennotediw.store	unknown	unknown
mobbipenju.store	unknown	unknown
clearancek.site	unknown	unknown
dissapoiznw.store	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
studennotediw.stor	true		unknown
spirittunek.stor	true		unknown
eaglepawnoy.stor	true		unknown
clearancek.site	true		unknown
mobbipenju.stor	true		unknown
https://steamcommunity.com/profiles/76561199724331900	true	URL Reputation: malware	unknown
licendfilteo.site	true		unknown
bathdoomgaz.stor	true		unknown
dissapoiznw.stor	true		unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6100.0.memstrmin

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.stor
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1759989830.0000000000AB1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ABD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00AF695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00ABFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00AEF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADD1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC42FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00AD2260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00AF64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00ACB410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00AF1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00ACD457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00AF7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC6536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD9510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADE66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00AEB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADD7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00AF67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00AF7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00AD28E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00AB49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00AF3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00ACD961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AC1A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00AB5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00AE0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00AC3BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00AF9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00ADAC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00AF9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00AEFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00AD7C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00ADEC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00AB6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00AC1E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00AC0EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00AD7E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AD5E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00AC6F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00ACFFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AF5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00AD9F62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00AEFF70

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:57909 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:55805 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:65336 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:53670 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:63037 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59721 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:53801 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:61232 -> 1.1.1.1:53

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: spirittunek.stor
Source: Malware configuration extractor	URLs: mobbipenju.stor
Source: Malware configuration extractor	URLs: bathdoomgaz.stor
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.stor
Source: Malware configuration extractor	URLs: studennotediw.stor
Source: Malware configuration extractor	URLs: dissapoiznw.stor
Source: Malware configuration extractor	URLs: licendfilteo.site

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: /login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https:/ equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f50a3169fe2a0b7ef0; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=55ee334b130c2eef734da2b0; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type25489Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveSun, 06 Oct 2024 15:48:04 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com

Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apibcryptPrimitives.dll
Source: file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/applications/community/main.css?v=Ev2sBLgkgyWJ&a
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/globalv2.css?v=PAcV2zMBzzSV&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/fatalerror.css?v=wctRWaBvNt2z&l=engli
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/css/skin_1/header.css?v=NFoCa4OkAxRb&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/libraries~b28b7af6
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/main.js?v=10oP_O2R
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/applications/community/manifest.js?v=AeTz
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/global.js?v=9OzcxMXbaV84&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://dissapoiznw.store:443/apiW
Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://mobbipenju.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/g
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.00000000005C5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/p
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1759661432.00000000005E7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.00000000005E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900p
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1759661432.00000000005CF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005CF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900_
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7Cd7fb65801182a5f
Source: file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1737990607.000000000064A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738165903.00000000005C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.000000000064D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738030808.0000000000641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1737990607.0000000000642000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759749334.000000000062A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1738065074.000000000062A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC0228	0_2_00AC0228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AFA0D0	0_2_00AFA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC2030	0_2_00AC2030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB1000	0_2_00AB1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4040	0_2_00AF4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7	0_2_00C791C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABE1A0	0_2_00ABE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB71F0	0_2_00AB71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74103	0_2_00C74103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB5160	0_2_00AB5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA92FE	0_2_00BA92FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB12F7	0_2_00AB12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE82D0	0_2_00AE82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE12D0	0_2_00AE12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB13A3	0_2_00AB13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABB3A0	0_2_00ABB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE23E0	0_2_00AE23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABA300	0_2_00ABA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4487	0_2_00AC4487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC049B	0_2_00AC049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE64F0	0_2_00AE64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C88446	0_2_00C88446
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBF40E	0_2_00BBF40E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADC470	0_2_00ADC470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB35B0	0_2_00AB35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D515F5	0_2_00D515F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACC5F0	0_2_00ACC5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF86F0	0_2_00AF86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C776AA	0_2_00C776AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEF620	0_2_00AEF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C0F601	0_2_00C0F601
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB164F	0_2_00AB164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8652	0_2_00AF8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C807C4	0_2_00C807C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BE4725	0_2_00BE4725
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEE8A0	0_2_00AEE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C818FB	0_2_00C818FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BD78DA	0_2_00BD78DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AEB8C0	0_2_00AEB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AE1860	0_2_00AE1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D9983D	0_2_00D9983D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF89A0	0_2_00AF89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD098B	0_2_00AD098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B349C3	0_2_00B349C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4E93D	0_2_00B4E93D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C86935	0_2_00C86935
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE9ACD	0_2_00CE9ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7AB0	0_2_00AF7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8A80	0_2_00AF8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C8BA24	0_2_00C8BA24
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF4A40	0_2_00AF4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB7BF0	0_2_00AB7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ACDB6F	0_2_00ACDB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF6CBF	0_2_00AF6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C75C84	0_2_00C75C84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADCCD0	0_2_00ADCCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8C02	0_2_00AF8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADDD29	0_2_00ADDD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADFD10	0_2_00ADFD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AD8D62	0_2_00AD8D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC6EBF	0_2_00AC6EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABBEB0	0_2_00ABBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AC4E2A	0_2_00AC4E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF8E70	0_2_00AF8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ADAE57	0_2_00ADAE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AF7FC0	0_2_00AF7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00AB8FD0	0_2_00AB8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00ABAF10	0_2_00ABAF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C84F0F	0_2_00C84F0F

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ACD300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00ABCAA0 appears 48 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9996067966171617
Source: file.exe	Static PE information: Section: psmjilnq ZLIB complexity 0.993955830667956

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@9/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AE8220 CoCreateInstance,

0_2_00AE8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior

Source: file.exe

Static file information: File size 1890816 > 1048576

Source: file.exe

Static PE information: Raw size of psmjilnq is bigger than: 0x100000 < 0x1a4200

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ab0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;psmjilnq:EW;fwpdehgj:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;psmjilnq:EW;fwpdehgj:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1cf52f should be: 0x1db74e

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: psmjilnq
Source: file.exe	Static PE information: section name: fwpdehgj
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE30C5 push 7FAAED32h; mov dword ptr [esp], ebx	0_2_00CE30D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push eax; mov dword ptr [esp], 1FDE62F2h	0_2_00BFD0FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push ecx; mov dword ptr [esp], esi	0_2_00BFD198
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BFD0E8 push 0E1849C4h; mov dword ptr [esp], ecx	0_2_00BFD1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D960BA push ebx; mov dword ptr [esp], edx	0_2_00D960FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E0A1 push ebp; mov dword ptr [esp], edx	0_2_00D5E0F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D5E0A1 push 42844BFFh; mov dword ptr [esp], edi	0_2_00D5E115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D51071 push esi; mov dword ptr [esp], edi	0_2_00D51117
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D51071 push 22B602B0h; mov dword ptr [esp], ebx	0_2_00D51131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CEE06B push ebp; mov dword ptr [esp], eax	0_2_00CEE0A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2501B push eax; mov dword ptr [esp], edx	0_2_00D25040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D2501B push edx; mov dword ptr [esp], ecx	0_2_00D2505C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D76007 push 3F6DD215h; mov dword ptr [esp], esi	0_2_00D760A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 4D79080Dh; mov dword ptr [esp], edx	0_2_00C7922D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], esi	0_2_00C79272
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edx; mov dword ptr [esp], edi	0_2_00C792F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push esi; mov dword ptr [esp], 66CA1803h	0_2_00C79338
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push esi; mov dword ptr [esp], eax	0_2_00C7941E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 2838B974h; mov dword ptr [esp], edi	0_2_00C79444
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], eax	0_2_00C794E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 59B12189h; mov dword ptr [esp], esp	0_2_00C794EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ecx; mov dword ptr [esp], ebx	0_2_00C79530
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 0BC444EBh; mov dword ptr [esp], eax	0_2_00C795A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebp; mov dword ptr [esp], esi	0_2_00C795B1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edx; mov dword ptr [esp], edi	0_2_00C795D3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push eax; mov dword ptr [esp], ebp	0_2_00C795EF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 223118A5h; mov dword ptr [esp], eax	0_2_00C79639
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebp; mov dword ptr [esp], 5A95CC42h	0_2_00C79642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push 484C72CAh; mov dword ptr [esp], esi	0_2_00C79656
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push ebx; mov dword ptr [esp], 668C6272h	0_2_00C79668
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C791C7 push edi; mov dword ptr [esp], edx	0_2_00C796C6

Source: file.exe	Static PE information: section name: entropy: 7.9848772918639925
Source: file.exe	Static PE information: section name: psmjilnq entropy: 7.954517052404453

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9258D second address: C92593 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C92593 second address: C9259C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9259C second address: C925A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C918D4 second address: C918D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C918D9 second address: C918DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91B62 second address: C91B68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CA4 second address: C91CB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F7D80D626BFh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CB8 second address: C91CCD instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7D81146DDCh 0x00000008 jns 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CCD second address: C91CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jl 00007F7D80D626B6h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CDA second address: C91CDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CDF second address: C91CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C91CE7 second address: C91CED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C949E2 second address: C94A4C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F7D80D626BBh 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007F7D80D626C3h 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push edi 0x0000001e jl 00007F7D80D626BCh 0x00000024 jo 00007F7D80D626B6h 0x0000002a pop edi 0x0000002b pop eax 0x0000002c mov ecx, 072D6171h 0x00000031 lea ebx, dword ptr [ebp+124547E1h] 0x00000037 mov dword ptr [ebp+122D39B2h], edi 0x0000003d mov si, di 0x00000040 xchg eax, ebx 0x00000041 jl 00007F7D80D626C4h 0x00000047 pushad 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94A4C second address: C94A5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7D81146DD6h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C94A5D second address: C94A6B instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899E0 second address: C899EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899EA second address: C899EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C899EE second address: C89A09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7D81146DE0h 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4135 second address: CB4146 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626BBh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4146 second address: CB414A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB414A second address: CB414E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB414E second address: CB4154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB42C1 second address: CB42CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB42CB second address: CB42CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB485E second address: CB4862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B5E second address: CB4B7D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F7D81146DDAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B7D second address: CB4B87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B87 second address: CB4B99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4B99 second address: CB4BA6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007F7D80D626B6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4E44 second address: CB4E4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FA6 second address: CB4FB6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jc 00007F7D80D626BCh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FB6 second address: CB4FBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB4FBA second address: CB5016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7D80D626C9h 0x00000010 pushad 0x00000011 jmp 00007F7D80D626BDh 0x00000016 push edx 0x00000017 pop edx 0x00000018 jo 00007F7D80D626B6h 0x0000001e jmp 00007F7D80D626C0h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB514E second address: CB5156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C78D15 second address: C78D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7D80D626B6h 0x0000000a pushad 0x0000000b jmp 00007F7D80D626BFh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5272 second address: CB52A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F7D81146DE0h 0x0000000b popad 0x0000000c pop ebx 0x0000000d pushad 0x0000000e pushad 0x0000000f jno 00007F7D81146DD6h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jmp 00007F7D81146DDBh 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52A4 second address: CB52AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB52AE second address: CB52C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5852 second address: CB5856 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5856 second address: CB5884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE4h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F7D81146DE4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5884 second address: CB5888 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5888 second address: CB588E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5B09 second address: CB5B3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jnl 00007F7D80D626C6h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7D80D626C4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CA1 second address: CB5CA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CA5 second address: CB5CB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 js 00007F7D80D626B6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CB3 second address: CB5CBD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CBD second address: CB5CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CC3 second address: CB5CC8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5F97 second address: CB5FA1 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D80D626B6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5FA1 second address: CB5FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7D81146DE9h 0x0000000c jbe 00007F7D81146DD6h 0x00000012 ja 00007F7D81146DD6h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5FCE second address: CB6001 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C9h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7D80D626C4h 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB6001 second address: CB600B instructions: 0x00000000 rdtsc 0x00000002 js 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C84A0D second address: C84A32 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7D80D626B8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c jnp 00007F7D80D626B6h 0x00000012 jmp 00007F7D80D626BDh 0x00000017 pop ebx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD88E second address: CBD899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7D81146DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBDF32 second address: CBDF36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE13D second address: CBE142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C864AC second address: C864B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E55 second address: CC0E82 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE5h 0x00000007 jmp 00007F7D81146DE0h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E82 second address: CC0E87 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E87 second address: CC0E8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0E8D second address: CC0E97 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1179 second address: CC118F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC118F second address: CC119E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC119E second address: CC11A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC11A2 second address: CC11B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7D80D626B6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC11B6 second address: CC11C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC2CC6 second address: CC2CCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC2CCE second address: CC2CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4C3E second address: CC4C42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC58B5 second address: CC58BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6660 second address: CC666A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7D80D626B6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FC9 second address: CC6FDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FDF second address: CC6FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82E4 second address: CC82E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6FE5 second address: CC6FE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82E9 second address: CC82F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC82F3 second address: CC82F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA408 second address: CCA427 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA1FB second address: CCA216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC96FE second address: CC9703 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA427 second address: CCA42B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC9703 second address: CC9727 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jnp 00007F7D81146DE3h 0x0000000f jmp 00007F7D81146DDDh 0x00000014 push eax 0x00000015 push edx 0x00000016 jns 00007F7D81146DD6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCA42B second address: CCA42F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCF188 second address: CCF18D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2EFD second address: CD2F01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2F01 second address: CD2F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3F6F second address: CD3F8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD1FF3 second address: CD1FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD30F5 second address: CD30F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD30F9 second address: CD318C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push edx 0x0000000a call 00007F7D81146DD8h 0x0000000f pop edx 0x00000010 mov dword ptr [esp+04h], edx 0x00000014 add dword ptr [esp+04h], 0000001Dh 0x0000001c inc edx 0x0000001d push edx 0x0000001e ret 0x0000001f pop edx 0x00000020 ret 0x00000021 mov bh, 66h 0x00000023 push dword ptr fs:[00000000h] 0x0000002a mov ebx, dword ptr [ebp+122D5AF5h] 0x00000030 mov dword ptr fs:[00000000h], esp 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F7D81146DD8h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000014h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 stc 0x00000052 mov eax, dword ptr [ebp+122D071Dh] 0x00000058 jnl 00007F7D81146DDCh 0x0000005e movsx edi, ax 0x00000061 push FFFFFFFFh 0x00000063 add bl, 0000000Ch 0x00000066 push eax 0x00000067 jnp 00007F7D81146DF3h 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F7D81146DE1h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD318C second address: CD3190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD60AB second address: CD60B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F7D81146DD6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6EA2 second address: CD6EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6EAE second address: CD6EB4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD60B8 second address: CD6158 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d jc 00007F7D80D626BCh 0x00000013 xor ebx, dword ptr [ebp+122D19F2h] 0x00000019 push dword ptr fs:[00000000h] 0x00000020 and bh, 00000078h 0x00000023 jmp 00007F7D80D626C1h 0x00000028 mov dword ptr fs:[00000000h], esp 0x0000002f mov dword ptr [ebp+122D1AEDh], esi 0x00000035 call 00007F7D80D626C8h 0x0000003a pop edi 0x0000003b mov eax, dword ptr [ebp+122D1191h] 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007F7D80D626B8h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 00000018h 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b mov ebx, dword ptr [ebp+12482E5Fh] 0x00000061 push FFFFFFFFh 0x00000063 mov edi, 067C8F9Bh 0x00000068 push eax 0x00000069 push ecx 0x0000006a push eax 0x0000006b push edx 0x0000006c push eax 0x0000006d push edx 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD6158 second address: CD615C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD9036 second address: CD903C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD819D second address: CD81A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD903C second address: CD90B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 je 00007F7D80D626B6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jng 00007F7D80D626BEh 0x00000015 push eax 0x00000016 jc 00007F7D80D626B6h 0x0000001c pop eax 0x0000001d nop 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F7D80D626B8h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 mov dword ptr [ebp+12453598h], ecx 0x0000003e push 00000000h 0x00000040 mov edi, dword ptr [ebp+122D39FDh] 0x00000046 push 00000000h 0x00000048 mov bl, EAh 0x0000004a xchg eax, esi 0x0000004b push ecx 0x0000004c jmp 00007F7D80D626C3h 0x00000051 pop ecx 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 je 00007F7D80D626B8h 0x0000005b pushad 0x0000005c popad 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA04A second address: CDA04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA04E second address: CDA057 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA057 second address: CDA0CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7D81146DDEh 0x0000000c nop 0x0000000d mov ebx, 0A06A3BAh 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push ecx 0x00000017 call 00007F7D81146DD8h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], ecx 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ecx 0x0000002a push ecx 0x0000002b ret 0x0000002c pop ecx 0x0000002d ret 0x0000002e mov dword ptr [ebp+12480C29h], ebx 0x00000034 push 00000000h 0x00000036 mov di, 3D41h 0x0000003a xchg eax, esi 0x0000003b pushad 0x0000003c push eax 0x0000003d jp 00007F7D81146DD6h 0x00000043 pop eax 0x00000044 push ecx 0x00000045 jmp 00007F7D81146DDEh 0x0000004a pop ecx 0x0000004b popad 0x0000004c push eax 0x0000004d push eax 0x0000004e push edx 0x0000004f jnl 00007F7D81146DDCh 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDA0CF second address: CDA0D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDBF68 second address: CDC02E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F7D81146DD8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 0000001Ch 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov di, 6653h 0x00000028 call 00007F7D81146DDDh 0x0000002d call 00007F7D81146DE9h 0x00000032 mov edi, dword ptr [ebp+122D190Dh] 0x00000038 pop ebx 0x00000039 pop edi 0x0000003a push 00000000h 0x0000003c push 00000000h 0x0000003e push edi 0x0000003f call 00007F7D81146DD8h 0x00000044 pop edi 0x00000045 mov dword ptr [esp+04h], edi 0x00000049 add dword ptr [esp+04h], 0000001Bh 0x00000051 inc edi 0x00000052 push edi 0x00000053 ret 0x00000054 pop edi 0x00000055 ret 0x00000056 push 00000000h 0x00000058 mov bx, di 0x0000005b xchg eax, esi 0x0000005c jmp 00007F7D81146DE6h 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 jmp 00007F7D81146DDDh 0x0000006a jnp 00007F7D81146DD6h 0x00000070 popad 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB252 second address: CDB269 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F7D80D626B6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB269 second address: CDB291 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7D81146DE8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB291 second address: CDB297 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB297 second address: CDB2B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD92B7 second address: CD92BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0E0 second address: CDE0E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE0E5 second address: CDE11D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D80D626C2h 0x00000008 jmp 00007F7D80D626C9h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD26C second address: CDD270 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD270 second address: CDD315 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F7D80D626BCh 0x0000000c popad 0x0000000d nop 0x0000000e mov edi, edx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F7D80D626B8h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000014h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 jmp 00007F7D80D626C1h 0x00000036 mov dword ptr fs:[00000000h], esp 0x0000003d push 00000000h 0x0000003f push ebp 0x00000040 call 00007F7D80D626B8h 0x00000045 pop ebp 0x00000046 mov dword ptr [esp+04h], ebp 0x0000004a add dword ptr [esp+04h], 0000001Ah 0x00000052 inc ebp 0x00000053 push ebp 0x00000054 ret 0x00000055 pop ebp 0x00000056 ret 0x00000057 add bl, 0000007Dh 0x0000005a mov eax, dword ptr [ebp+122D0635h] 0x00000060 jmp 00007F7D80D626C0h 0x00000065 push FFFFFFFFh 0x00000067 jmp 00007F7D80D626C1h 0x0000006c push eax 0x0000006d push edi 0x0000006e push eax 0x0000006f push edx 0x00000070 push edx 0x00000071 pop edx 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDC20D second address: CDC218 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE32B second address: CDE32F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDE32F second address: CDE355 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2143 second address: CE2152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F7D80D626B6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2152 second address: CE2156 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2156 second address: CE215A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE215A second address: CE2160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CFA5 second address: C8CFA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8CFA9 second address: C8CFCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE0h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7D81146DDEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DD4F second address: C7DD6A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C5h 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9607 second address: CE960B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE976C second address: CE9772 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9772 second address: CE9776 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE9776 second address: CE978A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BEh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEC1B7 second address: CEC1BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF065A second address: CF0681 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7D80D626C6h 0x00000008 jmp 00007F7D80D626C0h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 je 00007F7D80D626BCh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0681 second address: CF0689 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0689 second address: CF068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF068D second address: CF06A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7D81146DE0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0779 second address: CF077F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF077F second address: CF0783 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0783 second address: CF0787 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF08E8 second address: CF0956 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F7D81146DE6h 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jne 00007F7D81146DDEh 0x00000019 mov eax, dword ptr [eax] 0x0000001b jnl 00007F7D81146DE4h 0x00000021 mov dword ptr [esp+04h], eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F7D81146DE4h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0956 second address: CF0960 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B524 second address: C8B52E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7D81146DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8B52E second address: C8B54E instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F7D80D626C0h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5307 second address: CF5311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF58D7 second address: CF58E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF58E1 second address: CF58E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF5CFE second address: CF5D12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF6265 second address: CF6271 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7D81146DD6h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE5F3 second address: CFE5FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7D80D626B6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE767 second address: CFE7A4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jng 00007F7D81146DEEh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jbe 00007F7D81146DD6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE7A4 second address: CFE7A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE8E3 second address: CFE8EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ecx 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE8EE second address: CFE90A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC3A second address: CFEC3F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE2ED second address: CFE2F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE2F6 second address: CFE312 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7D81146DE5h 0x00000008 pop ecx 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE312 second address: CFE32A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jnc 00007F7D80D626B6h 0x00000012 jp 00007F7D80D626B6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE32A second address: CFE352 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDDh 0x00000007 jbe 00007F7D81146DD6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F7D81146DDEh 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF075 second address: CFF079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF079 second address: CFF089 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jbe 00007F7D81146DD6h 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF089 second address: CFF0A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF1FB second address: CFF20E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7D81146DDDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF367 second address: CFF36C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF36C second address: CFF382 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF639 second address: CFF63D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF63D second address: CFF658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DDBh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F7D81146DD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF658 second address: CFF66A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BEh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF66A second address: CFF699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F7D81146DDAh 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7D81146DE7h 0x00000018 pushad 0x00000019 pushad 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF699 second address: CFF6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFF6A0 second address: CFF6B6 instructions: 0x00000000 rdtsc 0x00000002 je 00007F7D81146DDCh 0x00000008 jo 00007F7D81146DDEh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0418D second address: D041B3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jne 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jns 00007F7D80D626BEh 0x00000012 popad 0x00000013 jnp 00007F7D80D626C0h 0x00000019 push edx 0x0000001a push eax 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04469 second address: D0446F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04739 second address: D0473F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04878 second address: D0489D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a je 00007F7D81146DEBh 0x00000010 jmp 00007F7D81146DE5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0489D second address: D048A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F7D80D626B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D048A8 second address: D048B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jl 00007F7D81146DF1h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D048B7 second address: D04906 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C5h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F7D80D626C7h 0x00000011 jmp 00007F7D80D626C7h 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04A63 second address: D04A6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D01 second address: D04D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D07 second address: D04D1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE1h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D1D second address: D04D23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D23 second address: D04D38 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 js 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jl 00007F7D81146DD6h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04D38 second address: D04D44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7D80D626B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABADC second address: CABAE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABAE0 second address: CABAE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABAE4 second address: CABAEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82F8D second address: C82FAC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F7D80D626B6h 0x00000009 jmp 00007F7D80D626C4h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FAC second address: C82FBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007F7D81146DDCh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C82FBE second address: C82FCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D80D626BEh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D03D0B second address: D03D34 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7D81146DDEh 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jne 00007F7D81146DD6h 0x00000010 push esi 0x00000011 jmp 00007F7D81146DE6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0847B second address: D08492 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626C3h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D9E2 second address: D0D9E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0D9E6 second address: D0DA19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7D80D626C4h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f jc 00007F7D80D626B6h 0x00000015 pop edx 0x00000016 jnc 00007F7D80D626BEh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0DA19 second address: D0DA34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D81146DE5h 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD6F1 second address: CCD6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD47 second address: CCDD86 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F7D81146DE4h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b add dword ptr [esp], 47EF91FBh 0x00000012 mov cx, 79CDh 0x00000016 push ecx 0x00000017 pushad 0x00000018 mov ecx, 7E957AB7h 0x0000001d push edx 0x0000001e pop ecx 0x0000001f popad 0x00000020 pop edi 0x00000021 push 4F9648D7h 0x00000026 push eax 0x00000027 push edx 0x00000028 push eax 0x00000029 push edx 0x0000002a jns 00007F7D81146DD6h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD86 second address: CCDD8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDD8A second address: CCDD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDEE3 second address: CCDEEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F7D80D626B6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDEEE second address: CCDF27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, esi 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F7D81146DD8h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F7D81146DDAh 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE032 second address: CCE046 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a jl 00007F7D80D626C8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE046 second address: CCE04A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE04A second address: CCE04E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE1E2 second address: CCE206 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F7D81146DD8h 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007F7D81146DDFh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE206 second address: CCE20B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE9B2 second address: CCEA00 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DDFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jg 00007F7D81146DDEh 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F7D81146DE2h 0x00000019 mov eax, dword ptr [eax] 0x0000001b jmp 00007F7D81146DDCh 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push ecx 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEA92 second address: CCEAB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007F7D80D626BAh 0x0000000c nop 0x0000000d lea eax, dword ptr [ebp+1248D47Eh] 0x00000013 mov ecx, dword ptr [ebp+122D24ADh] 0x00000019 nop 0x0000001a push ecx 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEAB5 second address: CCEAC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCEAC0 second address: CABADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 xor ecx, dword ptr [ebp+122D2C4Fh] 0x0000000d lea eax, dword ptr [ebp+1248D43Ah] 0x00000013 jmp 00007F7D80D626BBh 0x00000018 push eax 0x00000019 jmp 00007F7D80D626BBh 0x0000001e mov dword ptr [esp], eax 0x00000021 jmp 00007F7D80D626C7h 0x00000026 call dword ptr [ebp+122D5A7Eh] 0x0000002c js 00007F7D80D626E7h 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F7D80D626BBh 0x00000039 push eax 0x0000003a push edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D112C4 second address: D112E2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D81146DE9h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1155D second address: D11561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D11561 second address: D1156C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1156C second address: D11572 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D11AD3 second address: D11ADE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007F7D81146DD6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149D1 second address: D149D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D149D5 second address: D149F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F7D81146DD6h 0x0000000e jmp 00007F7D81146DE5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172DF second address: D172EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7D80D626B6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172EB second address: D172F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 js 00007F7D81146DD6h 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D172F8 second address: D17300 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C1C4 second address: D1C1C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C2FF second address: D1C305 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C305 second address: D1C309 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C309 second address: D1C319 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1C4A3 second address: D1C4A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1FDDF second address: D1FDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 jmp 00007F7D80D626C3h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1FDFC second address: D1FE04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2048E second address: D20492 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D20492 second address: D20496 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D205E3 second address: D205E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C75727 second address: C7572D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250A2 second address: D250A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250A8 second address: D250AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250AC second address: D250B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D250B2 second address: D250D4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jnl 00007F7D81146DDEh 0x00000011 pushad 0x00000012 je 00007F7D81146DD6h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25233 second address: D25242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007F7D80D626BCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25389 second address: D2538F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2538F second address: D253AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jbe 00007F7D80D626B6h 0x0000000e push edi 0x0000000f pop edi 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 js 00007F7D80D626B6h 0x0000001c pop edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2551C second address: D25522 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25522 second address: D2553D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7D80D626BAh 0x00000008 pushad 0x00000009 jo 00007F7D80D626B6h 0x0000000f jg 00007F7D80D626B6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26556 second address: D26560 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7D81146DD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F666 second address: D2F679 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626BFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D80B second address: D2D823 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D823 second address: D2D83E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F7D80D626B6h 0x00000009 jnl 00007F7D80D626B6h 0x0000000f jc 00007F7D80D626B6h 0x00000015 popad 0x00000016 push edx 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D998 second address: D2D99C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D99C second address: D2D9AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F7D80D626BCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2DDF2 second address: D2DDF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E5F9 second address: D2E60B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7D80D626B8h 0x00000008 jc 00007F7D80D626C2h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E60B second address: D2E611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2E8C6 second address: D2E8F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F7D80D626D1h 0x0000000b popad 0x0000000c pushad 0x0000000d jng 00007F7D80D626BCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EE1D second address: D2EE39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jno 00007F7D81146DD6h 0x0000000c popad 0x0000000d jnp 00007F7D81146DDCh 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2EE39 second address: D2EE43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2DC second address: D2F2F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2F1 second address: D2F2FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F2FA second address: D2F300 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2F300 second address: D2F31D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7D80D626B6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7D80D626BEh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30D08 second address: D30D20 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7D81146DDDh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D30D20 second address: D30D24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34C51 second address: D34C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34C55 second address: D34C5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D33F11 second address: D33F21 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D81146DD6h 0x00000008 jno 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D340C1 second address: D340C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D340C7 second address: D340CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34241 second address: D34245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34545 second address: D34549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D34549 second address: D3455F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7D80D626BAh 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D396F1 second address: D396FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4054F second address: D40553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40553 second address: D40571 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F7D81146DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F7D81146DE2h 0x00000012 push edx 0x00000013 pop edx 0x00000014 jmp 00007F7D81146DDAh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40571 second address: D4057B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7D80D626BCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4057B second address: D40586 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40586 second address: D4058C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4058C second address: D40597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7D81146DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40597 second address: D405B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7D80D626C8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D405B5 second address: D405B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40BEB second address: D40BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40BEF second address: D40C29 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE2h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7D81146DE3h 0x0000000e jmp 00007F7D81146DE1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40F14 second address: D40F18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41318 second address: D4131C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41A77 second address: D41A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41A8F second address: D41A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42206 second address: D4220C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B7D1 second address: D4B7D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4B98F second address: D4B993 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D591DC second address: D5920D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE0h 0x00000009 pop esi 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7D81146DE2h 0x00000013 je 00007F7D81146DD6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5B974 second address: D5B9A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F7D80D626CBh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7D80D626C1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E162 second address: D5E167 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E167 second address: D5E186 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F7D80D626C5h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5E186 second address: D5E18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D64121 second address: D6412E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F7D80D626BCh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DD94 second address: D6DDB2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F7D81146DD6h 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F7D81146DD6h 0x00000018 ja 00007F7D81146DD6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDB2 second address: D6DDB8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDB8 second address: D6DDD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE8h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DDD5 second address: D6DDDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DBE3 second address: D6DC13 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7D81146DD6h 0x00000008 jng 00007F7D81146DD6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jg 00007F7D81146DEAh 0x00000016 pop edi 0x00000017 push esi 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6DC13 second address: D6DC19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D752A9 second address: D752B3 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D752B3 second address: D752D8 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7D80D626CAh 0x00000008 jmp 00007F7D80D626C2h 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ecx 0x00000010 jnl 00007F7D80D626B6h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D75440 second address: D75444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D79662 second address: D79666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97B96 second address: D97B9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97B9C second address: D97BA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97BA0 second address: D97BBE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D23 second address: D97D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D29 second address: D97D58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DE8h 0x00000009 popad 0x0000000a pushad 0x0000000b jmp 00007F7D81146DDBh 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D97D58 second address: D97D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0A85 second address: DB0A9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D81146DDFh 0x00000009 pop ecx 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0A9F second address: DB0AB1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F7D80D626B6h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB1373 second address: DB1378 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB17B6 second address: DB17D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7D80D626BFh 0x00000008 jnl 00007F7D80D626B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB197C second address: DB1981 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB784E second address: DB7852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7852 second address: DB78C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F7D81146DE0h 0x0000000c jng 00007F7D81146DD6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 jmp 00007F7D81146DDDh 0x0000001a nop 0x0000001b pushad 0x0000001c or esi, dword ptr [ebp+122D1A07h] 0x00000022 popad 0x00000023 push dword ptr [ebp+1246703Eh] 0x00000029 call 00007F7D81146DE9h 0x0000002e sub edx, dword ptr [ebp+1250DD0Bh] 0x00000034 pop edx 0x00000035 call 00007F7D81146DD9h 0x0000003a je 00007F7D81146DF2h 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB78C0 second address: DB78FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7D80D626C4h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F7D80D626C1h 0x00000014 popad 0x00000015 pop edx 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB78FA second address: DB790D instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D81146DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 pop eax 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB790D second address: DB7939 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F7D80D626BCh 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7D80D626C4h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB92EA second address: DB92EF instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8EB3 second address: DB8ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7D80D626C5h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8ED8 second address: DB8EDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF0F second address: DBAF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jc 00007F7D80D626B6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF1E second address: DBAF22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF22 second address: DBAF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7D80D626B6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pushad 0x00000011 popad 0x00000012 pop esi 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF38 second address: DBAF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF3E second address: DBAF46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBAF46 second address: DBAF4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90C47 second address: 4A90CC7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D80D626BDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b jmp 00007F7D80D626BEh 0x00000010 jns 00007F7D80D626F0h 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F7D80D626BEh 0x0000001d or cx, 6AD8h 0x00000022 jmp 00007F7D80D626BBh 0x00000027 popfd 0x00000028 mov ax, FD8Fh 0x0000002c popad 0x0000002d add eax, ecx 0x0000002f jmp 00007F7D80D626C2h 0x00000034 mov eax, dword ptr [eax+00000860h] 0x0000003a push eax 0x0000003b push edx 0x0000003c jmp 00007F7D80D626C7h 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CC7 second address: 4A90CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CCD second address: 4A90CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CD1 second address: 4A90CD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CD5 second address: 4A90CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov edx, ecx 0x0000000f mov ebx, eax 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90CE7 second address: 4A90D69 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F7D81146DE7h 0x00000009 jmp 00007F7D81146DE3h 0x0000000e popfd 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 je 00007F7DF22ACE1Ah 0x0000001a pushad 0x0000001b mov bh, ah 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F7D81146DDDh 0x00000024 sub al, 00000046h 0x00000027 jmp 00007F7D81146DE1h 0x0000002c popfd 0x0000002d mov dx, cx 0x00000030 popad 0x00000031 popad 0x00000032 test byte ptr [eax+04h], 00000005h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F7D81146DE4h 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D69 second address: 4A90D6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D6D second address: 4A90D73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D73 second address: 4A90D79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A90D79 second address: 4A90D7D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC722F second address: CC723D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnl 00007F7D80D626B6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC746A second address: CC7489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7D81146DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7489 second address: CC7493 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7D80D626B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B115A6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D51B2B instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1738065074.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759661432.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759526066.000000000058E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1738065074.00000000005F5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1759661432.00000000005F5000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW]
Source: file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00AF5BB0 LdrInitializeThunk,

0_2_00AF5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.1760026620.0000000000C99000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: GProgram Manager
Source: file.exe	Binary or memory string: Y!GProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

ID:	1526904
Product:	CloudBasic
Start time:	17:47:06
Start date:	06.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	b6ef24e90b59608f2b6765e5f07ad8e3
SHA1:	b3b4539c0c6bf4027df6a9bac4a84afa51ca105c
SHA256:	5b8c002435003ad4e6a178b9aaef6e398d6491ff080857550deb71fbfefb3a9d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by