Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1528371
MD5: 5d0beee43c279e20df593c949090fa0a
SHA1: 59ef176b2a0d1b8e54ab13f8a0e447104645b850
SHA256: c6c522da27129bc6298ff5286c6c271a7b7bf6ae7376cf7c4fc84dba2dfb8ca0
Tags: exe, user-Bitsight

Detection

LummaC
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
LummaC encrypted strings found
Machine Learning detection for sample
PE file contains section with special chars
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Lumma Stealer, LummaC2 Stealer
Description: Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5". The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.
Attribution: No Attribution
Blogpost URLs / Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

AV Detection

Source: file.exe Avira: detected
Source: https://steamcommunity.com/profiles/76561199724331900 URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/inventory/ URL Reputation: Label: malware
Source: file.exe.3040.0.memstrmin Malware Configuration Extractor: LummaC {"C2 url": ["studennotediw.stor", "eaglepawnoy.stor", "spirittunek.stor", "mobbipenju.stor", "dissapoiznw.stor", "bathdoomgaz.stor", "clearancek.site", "licendfilteo.site"], "Build id": "4SD0y4--legendaryy"}
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: Workgroup: -
Source: 00000000.00000002.2217302661.00000000003F1000.00000040.00000001.01000000.00000003.sdmp String decryptor: 4SD0y4--legendaryy
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2

Networking

Source: Network traffic Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:63703 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:49546 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:61074 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:56178 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:55214 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:59587 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:49861 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:50478 -> 1.1.1.1:53
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.6:49713 -> 104.21.53.8:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.6:49713 -> 104.21.53.8:443
Source: Joe Sandbox View IP Address: 104.21.53.8
Source: Joe Sandbox View IP Address: 104.102.49.254
Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: global traffic HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: clearancek.site
Source: global traffic DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic DNS traffic detected: DNS query: studennotediw.store
Source: global traffic DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic DNS traffic detected: DNS query: spirittunek.store
Source: global traffic DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic DNS traffic detected: DNS query: sergei-esenin.com
Source: unknown HTTP traffic detected: POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sergei-esenin.com
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/promo/stickers.js?v=upl9NJ5D2xkP&l=en
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=e
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/javascript/webui/clientcom.js?v=qu55UpguGheU&l=e
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/buttons.css?v=PUJIfhtcQn7W&l=english
Source: file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/motiva_sans.css?v=-DH0xTYpnVe2&l=engl
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_global.css?v=ezWS9te9Zwm9&l=en
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/css/shared_responsive.css?v=sHIIcMzCffX6&
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/ja
Source: file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_re
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&amp
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEG
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_global.js?v=REEGJU1hwkYl&am
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSv
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2220685959.0000000005610000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://community.akamai.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://login.steampowered.com/;
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218168501.0000000000E27000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/CI
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com/kI
Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218429199.0000000000E6B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000003.2199613296.0000000000E67000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E67000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/profiles/765611997243319007
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.ste
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.stea
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.2198620307.0000000000E6A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2218168501.0000000000E3E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.gstatic.com/re
Source: file.exe, 00000000.00000003.2198239048.0000000005611000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000000.00000003.2198463962.0000000000EE6000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218561943.0000000000EAE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2200305257.0000000000EAD000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.youtube.com/
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49711 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.6:49713 version: TLS 1.2

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: String function: 003FCAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0040D300 appears 152 times
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9995487830033003
Source: file.exe Static PE information: Section: jvjsmpcp ZLIB complexity 0.9944149137409201
Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@10/2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00428220 CoCreateInstance, 0_2_00428220
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: file.exe Static file information: File size 1861632 > 1048576
Source: file.exe Static PE information: Raw size of jvjsmpcp is bigger than: 0x100000 < 0x19d000

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.3f0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;jvjsmpcp:EW;gwbnwyoc:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;jvjsmpcp:EW;gwbnwyoc:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1d4095 should be: 0x1cadbd
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .rsrc
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: jvjsmpcp
Source: file.exe Static PE information: section name: gwbnwyoc
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.97840910686373
Source: file.exe Static PE information: section name: jvjsmpcp entropy: 7.95452951026357

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 606971 second address: 606975 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 607A85 second address: 607A89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 607A89 second address: 607A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 607A8F second address: 607AAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C10F1087h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 607AAA second address: 607AAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60BCC3 second address: 60BCE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F65C10F1076h 0x0000000a popad 0x0000000b pushad 0x0000000c jmp 00007F65C10F1082h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60C319 second address: 60C33F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BEAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D2C1 second address: 60D2C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D2C5 second address: 60D2CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D2CB second address: 60D336 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1083h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F65C10F1078h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 push 00000000h 0x00000028 mov ebx, dword ptr [ebp+122D289Dh] 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007F65C10F1078h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a movsx ebx, di 0x0000004d xchg eax, esi 0x0000004e push esi 0x0000004f pushad 0x00000050 pushad 0x00000051 popad 0x00000052 push eax 0x00000053 push edx 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6102B3 second address: 6102EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F65C0B38BEEh 0x0000000e jno 00007F65C0B38BE8h 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6102EA second address: 6102EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E478 second address: 60E48E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6102EE second address: 6102F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60D420 second address: 60D424 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6102F2 second address: 6102FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E48E second address: 60E4AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jl 00007F65C0B38BECh 0x00000011 jo 00007F65C0B38BE6h 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6102FE second address: 610302 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E4AF second address: 60E4FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 nop 0x00000007 add ebx, dword ptr [ebp+122D1DB5h] 0x0000000d push dword ptr fs:[00000000h] 0x00000014 movsx ebx, bx 0x00000017 mov dword ptr fs:[00000000h], esp 0x0000001e mov bh, ch 0x00000020 mov eax, dword ptr [ebp+122D0DE1h] 0x00000026 push 00000000h 0x00000028 push edx 0x00000029 call 00007F65C0B38BE8h 0x0000002e pop edx 0x0000002f mov dword ptr [esp+04h], edx 0x00000033 add dword ptr [esp+04h], 00000018h 0x0000003b inc edx 0x0000003c push edx 0x0000003d ret 0x0000003e pop edx 0x0000003f ret 0x00000040 push FFFFFFFFh 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 pushad 0x00000048 popad 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E4FE second address: 60E504 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E504 second address: 60E50A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6109F2 second address: 610A07 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60E50A second address: 60E50E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 610A07 second address: 610A0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 611A4F second address: 611A53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 610B00 second address: 610B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov edi, dword ptr [ebp+122D33D5h] 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push 00000000h 0x00000015 push ecx 0x00000016 call 00007F65C10F1078h 0x0000001b pop ecx 0x0000001c mov dword ptr [esp+04h], ecx 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc ecx 0x00000029 push ecx 0x0000002a ret 0x0000002b pop ecx 0x0000002c ret 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 push 00000000h 0x00000036 push edi 0x00000037 call 00007F65C10F1078h 0x0000003c pop edi 0x0000003d mov dword ptr [esp+04h], edi 0x00000041 add dword ptr [esp+04h], 00000014h 0x00000049 inc edi 0x0000004a push edi 0x0000004b ret 0x0000004c pop edi 0x0000004d ret 0x0000004e mov edi, esi 0x00000050 mov eax, dword ptr [ebp+122D0CC1h] 0x00000056 pushad 0x00000057 add dword ptr [ebp+122D1E43h], esi 0x0000005d jmp 00007F65C10F1083h 0x00000062 popad 0x00000063 push FFFFFFFFh 0x00000065 sub dword ptr [ebp+12462E7Ah], eax 0x0000006b nop 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 jmp 00007F65C10F107Ch 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 611CB5 second address: 611CBF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 610B90 second address: 610BA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1084h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6129EA second address: 6129F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6129F0 second address: 612A12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007F65C10F1081h 0x0000000f jnc 00007F65C10F1076h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 612B82 second address: 612B9E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BE8h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F65C0B38BEDh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 613B32 second address: 613B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 617DDD second address: 617DE7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 617DE7 second address: 617DEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 617DEB second address: 617DEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 617DEF second address: 617E0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F65C10F1081h 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61D27D second address: 61D291 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jne 00007F65C0B38BE6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jns 00007F65C0B38BE6h 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 61CCE1 second address: 61CCE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AA424 second address: 5AA42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AA42A second address: 5AA432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AA432 second address: 5AA44E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF7h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 620187 second address: 62018C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62018C second address: 6201AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF8h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6254EC second address: 6254F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6254F0 second address: 625511 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F65C0B38BECh 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007F65C0B38BEBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625511 second address: 625552 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Fh 0x00000007 jmp 00007F65C10F107Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 ja 00007F65C10F1076h 0x00000018 pushad 0x00000019 popad 0x0000001a jmp 00007F65C10F1082h 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625552 second address: 625557 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625E4B second address: 625E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625E4F second address: 625E58 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625E58 second address: 625E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625E65 second address: 625E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 625E69 second address: 625E6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62C220 second address: 62C224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62B921 second address: 62B929 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62B929 second address: 62B945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62B945 second address: 62B962 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007F65C10F1082h 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62B962 second address: 62B966 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62B966 second address: 62B96A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62BAA4 second address: 62BAB2 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62BAB2 second address: 62BACE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1088h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62BACE second address: 62BAF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BF2h 0x00000011 jl 00007F65C0B38BE6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62BDD3 second address: 62BDEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jc 00007F65C10F1082h 0x0000000d jnc 00007F65C10F1076h 0x00000013 jc 00007F65C10F1076h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62BDEC second address: 62BDF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62C097 second address: 62C09D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62C09D second address: 62C0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F65C0B38BF1h 0x0000000c pushad 0x0000000d jl 00007F65C0B38BE6h 0x00000013 jmp 00007F65C0B38BF5h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 631E51 second address: 631E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 631E57 second address: 631E6B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F65C0B38BEAh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630C82 second address: 630C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6313B3 second address: 6313B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63095F second address: 630978 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C10F107Fh 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 636E1B second address: 636E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 636E1F second address: 636E25 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 636E25 second address: 636E33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F65C0B38BECh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63BA15 second address: 63BA54 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c jmp 00007F65C10F1084h 0x00000011 jnc 00007F65C10F1076h 0x00000017 pop eax 0x00000018 pushad 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b pushad 0x0000001c popad 0x0000001d jng 00007F65C10F1076h 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63BA54 second address: 63BA59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63BBB3 second address: 63BBBB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63BE89 second address: 63BEAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F65C0B38BE6h 0x0000000a jmp 00007F65C0B38BF8h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63BEAB second address: 63BED2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1082h 0x00000007 pushad 0x00000008 jmp 00007F65C10F107Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C048 second address: 63C055 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jc 00007F65C0B38BEEh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C16E second address: 63C178 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C178 second address: 63C17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C17C second address: 63C18F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 jo 00007F65C10F1076h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C18F second address: 63C195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C195 second address: 63C19B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C2D2 second address: 63C2D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C44E second address: 63C46B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1080h 0x00000009 popad 0x0000000a jng 00007F65C10F1082h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C46B second address: 63C471 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C471 second address: 63C475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C475 second address: 63C491 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F65C0B38BF1h 0x0000000a popad 0x0000000b push ecx 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63C5ED second address: 63C5FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5DD4BC second address: 5DD4C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63B44D second address: 63B451 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 63B451 second address: 63B48F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d jmp 00007F65C0B38BF7h 0x00000012 pop ecx 0x00000013 pushad 0x00000014 push edi 0x00000015 pop edi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 67CF05 second address: 67CF09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 67D047 second address: 67D04D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 67F874 second address: 67F87A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 67F87A second address: 67F87E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 68D4A7 second address: 68D4D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jl 00007F65C0B38BE6h 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 jmp 00007F65C0B38BEAh 0x00000018 jmp 00007F65C0B38BF4h 0x0000001d pop edi 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 695FE7 second address: 695FED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 695FED second address: 69600A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C0B38BF5h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A27B8 second address: 6A27BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A27BE second address: 6A27C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A27C8 second address: 6A27CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A7F31 second address: 6A7F3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F65C0B38BE6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A7F3D second address: 6A7F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A7F43 second address: 6A7F4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A7F4F second address: 6A7F53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A7F53 second address: 6A7F59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A80E8 second address: 6A80F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A80F6 second address: 6A8107 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F65C0B38BE6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A8107 second address: 6A810D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A828A second address: 6A8291 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A8291 second address: 6A82AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jbe 00007F65C10F1076h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 jo 00007F65C10F107Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A8401 second address: 6A8418 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BF0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A8418 second address: 6A8449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F65C10F1076h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F65C10F107Ah 0x00000013 jo 00007F65C10F1089h 0x00000019 push edi 0x0000001a pop edi 0x0000001b jmp 00007F65C10F1081h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A8449 second address: 6A846F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65C0B38BFEh 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F65C0B38BF6h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A85A6 second address: 6A85C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnp 00007F65C10F1076h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 jnc 00007F65C10F1078h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A88EB second address: 6A8910 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C0B38BEBh 0x00000007 jmp 00007F65C0B38BF3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A9435 second address: 6A9467 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 je 00007F65C10F1090h 0x0000000d pop edx 0x0000000e pushad 0x0000000f pushad 0x00000010 jl 00007F65C10F1076h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A9467 second address: 6A949E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BEFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F65C0B38BEEh 0x00000011 jmp 00007F65C0B38BF3h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A949E second address: 6A94A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A94A2 second address: 6A94A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A94A8 second address: 6A94B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F65C10F107Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6A94B6 second address: 6A94BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6AD0C0 second address: 6AD0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6AD0C6 second address: 6AD0CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6AE9E4 second address: 6AE9F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F107Ch 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B853D second address: 6B8544 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6B8544 second address: 6B854F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007F65C10F1076h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BA4FB second address: 6BA50E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F65C0B38BEAh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6BA359 second address: 6BA373 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1080h 0x00000007 jo 00007F65C10F1076h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C41BE second address: 6C41DD instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F65C0B38BF2h 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C41DD second address: 6C4209 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F65C10F1076h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F65C10F1083h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F65C10F1076h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C4209 second address: 6C420D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C420D second address: 6C4211 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6C4211 second address: 6C4223 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F65C0B38BE6h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6D26EB second address: 6D2709 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F1086h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA87F second address: 6EA89C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C0B38BF9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA9F6 second address: 6EA9FE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EA9FE second address: 6EAA19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C0B38BF7h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAA19 second address: 6EAA22 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAA22 second address: 6EAA47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007F65C0B38BF2h 0x00000011 jnl 00007F65C0B38BE8h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAA47 second address: 6EAA4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EAD09 second address: 6EAD15 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F65C0B38BE6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB2AF second address: 6EB2C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F65C10F1085h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB451 second address: 6EB45B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F65C0B38BE6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB722 second address: 6EB72F instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EB72F second address: 6EB749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F65C0B38BF2h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE407 second address: 6EE411 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F65C10F1076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE411 second address: 6EE417 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE417 second address: 6EE43A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F65C10F107Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnp 00007F65C10F107Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE43A second address: 6EE454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C0B38BF6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE9C6 second address: 6EE9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE9CC second address: 6EE9D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE9D1 second address: 6EE9FF instructions: 0x00000000 rdtsc 0x00000002 jl 00007F65C10F1078h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f pushad 0x00000010 movsx edi, di 0x00000013 mov cx, 4D5Dh 0x00000017 popad 0x00000018 push dword ptr [ebp+122D2945h] 0x0000001e mov dx, ax 0x00000021 call 00007F65C10F1079h 0x00000026 push ecx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EE9FF second address: 6EEA16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jnp 00007F65C0B38BE6h 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6EEA16 second address: 6EEA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F65C10F1076h 0x0000000a popad 0x0000000b popad 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 ja 00007F65C10F1088h 0x00000016 mov eax, dword ptr [eax] 0x00000018 push esi 0x00000019 jmp 00007F65C10F1089h 0x0000001e pop esi 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jc 00007F65C10F1078h 0x0000002b push edx 0x0000002c pop edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D50D38 second address: 4D50DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov ecx, dword ptr [eax+00000FDCh] 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 pushfd 0x00000011 jmp 00007F65C0B38BEAh 0x00000016 or si, 34D8h 0x0000001b jmp 00007F65C0B38BEBh 0x00000020 popfd 0x00000021 popad 0x00000022 test ecx, ecx 0x00000024 jmp 00007F65C0B38BF6h 0x00000029 jns 00007F65C0B38C08h 0x0000002f jmp 00007F65C0B38BF0h 0x00000034 add eax, ecx 0x00000036 jmp 00007F65C0B38BF0h 0x0000003b mov eax, dword ptr [eax+00000860h] 0x00000041 jmp 00007F65C0B38BF0h 0x00000046 test eax, eax 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b mov eax, edx 0x0000004d pushfd 0x0000004e jmp 00007F65C0B38BF9h 0x00000053 xor esi, 289529E6h 0x00000059 jmp 00007F65C0B38BF1h 0x0000005e popfd 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D50DF5 second address: 4D50E05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F65C10F107Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D50E05 second address: 4D50E09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 453860 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5EDBBD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 617E35 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 4537B9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 684DCF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe TID: 1424 Thread sleep time: -60000s >= -30000s
Source: file.exe, file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2198620307.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218364928.0000000000E55000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218429199.0000000000EA1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2199613296.0000000000E54000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2218168501.0000000000DFE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00435BB0 LdrInitializeThunk, 0_2_00435BB0

HIPS / PFW / Operating System Protection Evasion

Source: file.exe, file.exe, 00000000.00000002.2217365559.00000000005CF000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Stealing of Sensitive Information

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Source: Yara match File source: decrypted.memstr, type: MEMORYSTR