Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1538235
MD5:	4f7d940e5a6e1a752310810ed5e48d90
SHA1:	6d600a018c09d0c27b6fb0a1115a8b734f071274
SHA256:	cabc120fdab47adca73614a9d78ba234c67d664dccce4998a89db47ecb856a3d
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6568.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["dissapoiznw.store", "mobbipenju.store", "clearancek.site", "eaglepawnoy.store", "licendfilteo.site", "spirittunek.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00BB695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00B7FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00B80EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00BAF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B842FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00B8B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B8D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00BB1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B86536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00BB7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B99510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BAB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00BB67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00BB7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B928E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00B749A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00BB3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00B8D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00B75A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BA0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B83BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00BAFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00B97C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00B9EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00B76EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B95E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B97E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00B8FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BAFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B99F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:54991 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:54147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:56852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:60253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:61700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:57124 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:51101 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp

String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.steamstatic.com/ https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.st
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site/api
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apiapi
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq~
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apii
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900h6DG
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80228	0_2_00B80228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA0D0	0_2_00BBA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B82030	0_2_00B82030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B71000	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4040	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB	0_2_00CF71DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E1A0	0_2_00B7E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B771F0	0_2_00B771F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115	0_2_00D46115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B75160	0_2_00B75160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B712F7	0_2_00B712F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA82D0	0_2_00BA82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA12D0	0_2_00BA12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B713A3	0_2_00B713A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7B3A0	0_2_00B7B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA23E0	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7A300	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3F4C1	0_2_00D3F4C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8049B	0_2_00B8049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84487	0_2_00B84487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA64F0	0_2_00BA64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F451	0_2_00C1F451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C470	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4B41A	0_2_00D4B41A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B735B0	0_2_00B735B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C5F0	0_2_00B8C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB86F0	0_2_00BB86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAF620	0_2_00BAF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8652	0_2_00BB8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7164F	0_2_00B7164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D44628	0_2_00D44628
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E38735	0_2_00E38735
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE8A0	0_2_00BAE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAB8C0	0_2_00BAB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC684E	0_2_00CC684E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4986D	0_2_00D4986D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA1860	0_2_00BA1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB89A0	0_2_00BB89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9098B	0_2_00B9098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7AB0	0_2_00BB7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42ACB	0_2_00D42ACB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8A80	0_2_00BB8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7AA81	0_2_00C7AA81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF3AC1	0_2_00BF3AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4EA67	0_2_00D4EA67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4A40	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B77BF0	0_2_00B77BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8DB6F	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6CBF	0_2_00BB6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CCD0	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8C02	0_2_00BB8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D41C08	0_2_00D41C08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04D99	0_2_00D04D99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9DD29	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9FD10	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98D62	0_2_00B98D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7BEB0	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86EBF	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84E2A	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8E70	0_2_00BB8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AE57	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBBFDC	0_2_00CBBFDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B78FD0	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7FC0	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7AF10	0_2_00B7AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3BF13	0_2_00D3BF13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C01F27	0_2_00C01F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5F21	0_2_00CA5F21

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B7CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B8D300 appears 152 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BA8220 CoCreateInstance,

0_2_00BA8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 3028480 > 1048576

Source: file.exe

Static PE information: Raw size of xkhaisln is bigger than: 0x100000 < 0x2ba000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b70000.0.unpack :EW;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x2efdc9 should be: 0x2eaaab

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: xkhaisln
Source: file.exe	Static PE information: section name: rfekvyib
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push 4664F8ABh; mov dword ptr [esp], edx	0_2_00E461D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push ecx; mov dword ptr [esp], 04A1CF9Bh	0_2_00E461E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1B013 push 39907781h; mov dword ptr [esp], ebp	0_2_00E1B095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push 334C0DCDh; mov dword ptr [esp], ecx	0_2_00CF71FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], 69D951BAh	0_2_00CF7218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], edi	0_2_00CF7241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ecx; mov dword ptr [esp], edx	0_2_00CF7261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push esi; mov dword ptr [esp], edi	0_2_00CF728E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push edi; mov dword ptr [esp], 350428CEh	0_2_00CF72CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ebp; mov dword ptr [esp], edx	0_2_00CF72D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 375641C0h	0_2_00D6F1CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push ecx; mov dword ptr [esp], eax	0_2_00D6F1F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 7DEA9506h	0_2_00D6F20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], ebp	0_2_00D6F2A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push 0A4ECF00h; mov dword ptr [esp], eax	0_2_00DFB1C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push eax; mov dword ptr [esp], esi	0_2_00DFB1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E78176 push 5F3B13B9h; mov dword ptr [esp], ecx	0_2_00E7821A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 72CAC23Dh; mov dword ptr [esp], edi	0_2_00D4611D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D4617A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], esi	0_2_00D46259
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 1BCA2342h; mov dword ptr [esp], edi	0_2_00D46297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push esi; mov dword ptr [esp], ecx	0_2_00D462A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 6FAAA7B8h; mov dword ptr [esp], edi	0_2_00D462F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 38FE104Dh; mov dword ptr [esp], edi	0_2_00D46318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push edx; mov dword ptr [esp], 60A03560h	0_2_00D4631F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], ebp	0_2_00D4633A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], 7F797E76h	0_2_00D4638D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D46399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 62B59CE6h; mov dword ptr [esp], esp	0_2_00D463A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 0CC252D7h; mov dword ptr [esp], eax	0_2_00D463CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 085A8877h; mov dword ptr [esp], edx	0_2_00D4640F

Source: file.exe

Static PE information: section name: entropy: 7.979276920550064

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD477A second address: BD4791 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B33 second address: D54B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B39 second address: D54B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4552h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B53 second address: D54B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524C2A42Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53E36 second address: D53E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E91 second address: D55E96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E96 second address: D55EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F7524DC4548h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D2345h] 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D2D8Ch], eax 0x00000032 call 00007F7524DC4549h 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F7524DC454Dh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55EEA second address: D55F2B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F7524C2A42Dh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c jns 00007F7524C2A42Ch 0x00000022 pop eax 0x00000023 mov eax, dword ptr [eax] 0x00000025 jng 00007F7524C2A434h 0x0000002b push eax 0x0000002c push edx 0x0000002d jns 00007F7524C2A426h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F2B second address: D55F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F7524DC4546h 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F43 second address: D55F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pop eax 0x00000007 jg 00007F7524C2A42Ch 0x0000000d push 00000003h 0x0000000f push 00000000h 0x00000011 mov ecx, dword ptr [ebp+122D3BC4h] 0x00000017 push 00000003h 0x00000019 jmp 00007F7524C2A42Ch 0x0000001e call 00007F7524C2A429h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F7C second address: D55F92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F92 second address: D55F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F96 second address: D55FD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b ja 00007F7524DC4556h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 jmp 00007F7524DC454Dh 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55FD1 second address: D56069 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F7524C2A426h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F7524C2A437h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push edi 0x00000018 jmp 00007F7524C2A436h 0x0000001d pop edi 0x0000001e pop eax 0x0000001f and dh, FFFFFFB5h 0x00000022 lea ebx, dword ptr [ebp+12455CA5h] 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7524C2A428h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov ecx, 38BF86FBh 0x00000047 movsx edi, dx 0x0000004a xchg eax, ebx 0x0000004b jno 00007F7524C2A43Ch 0x00000051 push eax 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56069 second address: D5607C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5619B second address: D561A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B30 second address: D77B3A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B3A second address: D77B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D425EC second address: D42609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7524DC4546h 0x0000000a jg 00007F7524DC4546h 0x00000010 popad 0x00000011 ja 00007F7524DC454Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42609 second address: D42611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42611 second address: D4263E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Dh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F7524DC454Bh 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 push ebx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D75CE0 second address: D75CE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760DE second address: D760F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jnc 00007F7524DC4546h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760F5 second address: D76133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 jmp 00007F7524C2A435h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F7524C2A432h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76133 second address: D76138 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7627D second address: D76283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76283 second address: D76291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76291 second address: D76299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76299 second address: D762A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push ebx 0x00000009 push esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76515 second address: D76531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Ah 0x00000007 jmp 00007F7524C2A42Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76531 second address: D76541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766CD second address: D766D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D3 second address: D766D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D9 second address: D7670E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jmp 00007F7524C2A436h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7670E second address: D7671E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC454Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76CE3 second address: D76CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77229 second address: D77233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7752E second address: D77533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77690 second address: D77699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77699 second address: D7769D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D205 second address: D7D213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7524DC4546h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D213 second address: D7D21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA50 second address: D7FA54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA54 second address: D7FA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA5A second address: D7FA60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA60 second address: D7FA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA64 second address: D7FA87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f js 00007F7524DC4554h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCBB second address: D7FCC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCC6 second address: D7FCCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCCC second address: D7FCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCD0 second address: D7FCE2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83712 second address: D83716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83716 second address: D8372C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524DC4548h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8372C second address: D83765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524C2A428h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F7524C2A42Ah 0x00000017 jmp 00007F7524C2A431h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838AB second address: D838B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838B3 second address: D838C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F7524C2A42Eh 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838C2 second address: D838C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83A26 second address: D83A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7524C2A433h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4B second address: D83D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4F second address: D83D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D53 second address: D83D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4552h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EE9 second address: D83EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 ja 00007F7524C2A426h 0x0000000d jnp 00007F7524C2A426h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EFE second address: D83F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85737 second address: D85758 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524C2A43Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85758 second address: D85770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85770 second address: D85776 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AE99 second address: D4AEAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c je 00007F7524DC4546h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AEAE second address: D4AED4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F7524C2A434h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F7524C2A451h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED4 second address: D4AED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED8 second address: D4AEF6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7524C2A431h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D04 second address: D87D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D0C second address: D87D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87DC8 second address: D87DE5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jc 00007F7524DC4561h 0x00000015 push eax 0x00000016 push edx 0x00000017 jg 00007F7524DC4546h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8821C second address: D88225 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88358 second address: D8835D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88569 second address: D8856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A61 second address: D88A6B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A6B second address: D88AE0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524C2A43Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F7524C2A428h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 nop 0x00000028 pushad 0x00000029 push eax 0x0000002a jmp 00007F7524C2A436h 0x0000002f pop eax 0x00000030 jmp 00007F7524C2A42Eh 0x00000035 popad 0x00000036 push eax 0x00000037 push edi 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pop edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C00 second address: D88C09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C09 second address: D88C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EE9 second address: D88EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EED second address: D88EF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EF1 second address: D88F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F7524DC454Ch 0x00000010 jnl 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88F07 second address: D88F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89031 second address: D89035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E1C second address: D89E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E29 second address: D89E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop ecx 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F7524DC4548h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov esi, dword ptr [ebp+122D3EDCh] 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c mov si, E21Bh 0x00000030 jmp 00007F7524DC454Ah 0x00000035 popad 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F7524DC4548h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E8F second address: D89E99 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E99 second address: D89EC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4556h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jg 00007F7524DC4546h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1B second address: D8AE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1F second address: D8AE25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C300 second address: D8C30A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30A second address: D8C30F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30F second address: D8C344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524C2A426h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov esi, 45256D3Bh 0x00000013 push 00000000h 0x00000015 jmp 00007F7524C2A42Dh 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+1245D8E7h], ecx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jno 00007F7524C2A428h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8CEAD second address: D8CEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F114 second address: D8F126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F7524C2A426h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8D6F2 second address: D8D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F126 second address: D8F12C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FA51 second address: D8FAD0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F7524DC454Dh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e and si, DC54h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7524DC4548h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jmp 00007F7524DC454Eh 0x00000034 mov di, 4046h 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push esi 0x0000003d call 00007F7524DC4548h 0x00000042 pop esi 0x00000043 mov dword ptr [esp+04h], esi 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc esi 0x00000050 push esi 0x00000051 ret 0x00000052 pop esi 0x00000053 ret 0x00000054 mov edi, dword ptr [ebp+12482D93h] 0x0000005a push eax 0x0000005b jl 00007F7524DC454Eh 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901FD second address: D90203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90203 second address: D90207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C13 second address: D91C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C17 second address: D91C1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C1D second address: D91C22 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9218C second address: D921E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F7524DC4548h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 call 00007F7524DC4555h 0x0000002b and ebx, 5CCE6D53h 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 jnc 00007F7524DC4546h 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jo 00007F7524DC4546h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921E7 second address: D921EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921EB second address: D921F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D931FB second address: D9328C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov di, cx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F7524C2A428h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a jmp 00007F7524C2A432h 0x0000002f and edi, dword ptr [ebp+122D2430h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F7524C2A428h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 js 00007F7524C2A42Ch 0x00000057 mov dword ptr [ebp+1245D8E7h], ecx 0x0000005d jl 00007F7524C2A432h 0x00000063 jc 00007F7524C2A42Ch 0x00000069 add dword ptr [ebp+122D2360h], ebx 0x0000006f xchg eax, esi 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9328C second address: D93290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93290 second address: D932A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7524C2A42Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D932A7 second address: D932C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4559h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9234B second address: D9235D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9235D second address: D92383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F7524DC4563h 0x0000000e pushad 0x0000000f jmp 00007F7524DC4555h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92383 second address: D92400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push esi 0x00000009 call 00007F7524C2A428h 0x0000000e pop esi 0x0000000f mov dword ptr [esp+04h], esi 0x00000013 add dword ptr [esp+04h], 0000001Ah 0x0000001b inc esi 0x0000001c push esi 0x0000001d ret 0x0000001e pop esi 0x0000001f ret 0x00000020 jmp 00007F7524C2A436h 0x00000025 push dword ptr fs:[00000000h] 0x0000002c add ebx, dword ptr [ebp+122D3E6Ch] 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov dword ptr [ebp+12485C1Ah], edx 0x0000003f mov eax, dword ptr [ebp+122D0229h] 0x00000045 mov edi, eax 0x00000047 push FFFFFFFFh 0x00000049 sbb di, 5A99h 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F7524C2A433h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D952B2 second address: D952B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94406 second address: D9440C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D953E3 second address: D9540B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7524DC4559h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9540B second address: D95410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98361 second address: D98367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9937F second address: D99384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99384 second address: D993F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4557h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+124817CBh], ebx 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 or dx, F8BDh 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 adc ch, 00000060h 0x00000024 popad 0x00000025 popad 0x00000026 push 00000000h 0x00000028 jmp 00007F7524DC4557h 0x0000002d push eax 0x0000002e push esi 0x0000002f pushad 0x00000030 jmp 00007F7524DC4558h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D985CD second address: D985F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F7524C2A43Bh 0x0000000f jmp 00007F7524C2A435h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4D7 second address: D9A4DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4DC second address: D9A557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F7524C2A428h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b movzx ebx, ax 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F7524C2A428h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov ebx, 761563C7h 0x0000004f sub dword ptr [ebp+122D274Bh], esi 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F7524C2A432h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A557 second address: D9A55C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD12 second address: D9CD66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7524C2A42Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 50039D5Ch 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F7524C2A428h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1DFCh], edx 0x00000033 push 00000000h 0x00000035 mov bx, A8ADh 0x00000039 push eax 0x0000003a pushad 0x0000003b jc 00007F7524C2A42Ch 0x00000041 jns 00007F7524C2A426h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD66 second address: D9CD6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EB19 second address: D9EB21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9D6 second address: D9F9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F7524DC454Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F0 second address: D9F9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F7 second address: D9FA09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524DC454Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA09 second address: D9FA71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F7524C2A428h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 sub dword ptr [ebp+122D2D50h], edi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F7524C2A428h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 cld 0x00000046 push 00000000h 0x00000048 sbb ebx, 1BB26C5Eh 0x0000004e jmp 00007F7524C2A42Fh 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA71 second address: D9FA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CF80 second address: D9CFA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A432h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EC51 second address: D9EC5B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A6F3 second address: D9A6F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A01 second address: DA0A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7524DC4548h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+122D1D96h] 0x0000002d push 00000000h 0x0000002f call 00007F7524DC454Fh 0x00000034 jmp 00007F7524DC4550h 0x00000039 pop edi 0x0000003a mov dword ptr [ebp+122D1E32h], edx 0x00000040 push 00000000h 0x00000042 mov edi, eax 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A73 second address: DA0A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1AF2 second address: DA1AF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C2B second address: DA0C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A42Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C41 second address: DA0C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C45 second address: DA0C6A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A437h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C6A second address: DA0CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b and ebx, 2665DB00h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or dword ptr [ebp+1245016Eh], ebx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F7524DC4548h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov dword ptr [ebp+122D23C4h], ebx 0x00000045 mov edi, 4DF371CCh 0x0000004a mov eax, dword ptr [ebp+122D1779h] 0x00000050 mov di, 615Ah 0x00000054 push FFFFFFFFh 0x00000056 mov ebx, 29EAB749h 0x0000005b push eax 0x0000005c jbe 00007F7524DC4554h 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0CDA second address: DA0CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C5C second address: DA2C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C60 second address: DA2C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C66 second address: DA2C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1D8C second address: DA1D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DBE second address: DA2DD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DD5 second address: DA2DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AD8 second address: D40AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE1 second address: D40AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE7 second address: D40AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AF7 second address: D40B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAC2D2 second address: DAC314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F7524DC4546h 0x0000000c popad 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F7524DC4556h 0x00000014 pushad 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F7524DC454Dh 0x0000001c jmp 00007F7524DC454Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00EF second address: DB00F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00F5 second address: DB010C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB010C second address: DB0117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB02EC second address: DB0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4554h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0313 second address: DB0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jns 00007F7524C2A426h 0x0000000e jmp 00007F7524C2A435h 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007F7524C2A426h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0343 second address: DB0347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0347 second address: DB036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F7524C2A42Fh 0x0000000c pop edx 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BE1 second address: DB8BEB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BEB second address: DB8BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F7524C2A426h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F93 second address: DB7F9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F9E second address: DB7FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FA4 second address: DB7FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8239 second address: DB8253 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8253 second address: DB8266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 jnl 00007F7524DC4546h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8266 second address: DB8293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A436h 0x0000000b jmp 00007F7524C2A42Ah 0x00000010 jno 00007F7524C2A426h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 jg 00007F7524C2A42Ch 0x0000001f jnl 00007F7524C2A426h 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8293 second address: DB8299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8553 second address: DB855D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88C1 second address: DB88D6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 jmp 00007F7524DC454Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88D6 second address: DB88DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88DF second address: DB88EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88EE second address: DB88F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88F4 second address: DB88FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88FF second address: DB8908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A69 second address: DB8A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A6D second address: DB8A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A71 second address: DB8A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC120 second address: DBC126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC126 second address: DBC12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC12A second address: DBC172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F7524C2A426h 0x00000016 jmp 00007F7524C2A433h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC172 second address: DBC176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC176 second address: DBC17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC27EC second address: DC27F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17DC second address: DC17E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17E4 second address: DC17E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC191B second address: DC192C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 ja 00007F7524C2A430h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1BB7 second address: DC1BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CDD second address: DC1CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE1 second address: DC1CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE7 second address: DC1D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 jmp 00007F7524C2A42Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D09 second address: DC1D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D11 second address: DC1D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2017 second address: DC2021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2021 second address: DC202B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC724F second address: DC7253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC762A second address: DC762E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E40 second address: DC7E44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E44 second address: DC7E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA4D second address: D4CA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007F7524DC4546h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA6E second address: D4CA96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Bh 0x00000007 jmp 00007F7524C2A431h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F7524C2A426h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8678B second address: D86791 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86899 second address: D868A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E01 second address: D86E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E05 second address: D86E0F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E0F second address: D86E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E13 second address: D86E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E17 second address: D86E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jnl 00007F7524DC4558h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F7524DC4546h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E45 second address: D86E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86F55 second address: D86FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jnl 00007F7524DC4548h 0x0000000d popad 0x0000000e push eax 0x0000000f push ecx 0x00000010 jmp 00007F7524DC4552h 0x00000015 pop ecx 0x00000016 xchg eax, esi 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F7524DC4548h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov dx, 559Ah 0x00000035 nop 0x00000036 pushad 0x00000037 push ebx 0x00000038 jmp 00007F7524DC4558h 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 jbe 00007F7524DC4546h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86FC0 second address: D86FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A434h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D879FD second address: D87A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD135 second address: DCD139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD139 second address: DCD14D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD14D second address: DCD17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F7524C2A434h 0x0000000d push edx 0x0000000e jne 00007F7524C2A426h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD17B second address: DCD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD2E9 second address: DCD31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A433h 0x00000009 popad 0x0000000a je 00007F7524C2A428h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524C2A431h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD31C second address: DCD328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD328 second address: DCD32C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD473 second address: DCD483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jl 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD5CD second address: DCD5F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A437h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2674 second address: DD2678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2678 second address: DD2682 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD792A second address: DD7941 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7941 second address: DD7948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB0 second address: DD7AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB4 second address: DD7ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7ABA second address: DD7AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AC4 second address: DD7ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE08A second address: DDE0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524DC4559h 0x0000000e jg 00007F7524DC4546h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0B7 second address: DDE0BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0BF second address: DDE0D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F7524DC454Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE540 second address: DDE560 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F7524C2A434h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE560 second address: DDE56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE56C second address: DDE570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE570 second address: DDE574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE574 second address: DDE59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F7524C2A42Eh 0x00000010 jng 00007F7524C2A432h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE59E second address: DDE5AD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC454Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE5AD second address: DDE5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F7524C2A430h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE748 second address: DDE775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7524DC4557h 0x00000015 push ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE775 second address: DDE788 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE8EF second address: DDE919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7524DC4552h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE919 second address: DDE93B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A444h 0x00000008 jmp 00007F7524C2A438h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE93B second address: DDE974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4556h 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F7524DC4546h 0x00000015 jmp 00007F7524DC4553h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE974 second address: DDE978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE978 second address: DDE97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE428C second address: DE42A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A432h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42A6 second address: DE42AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42AC second address: DE42B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF1 second address: DE3AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF5 second address: DE3B0F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007F7524C2A426h 0x00000013 js 00007F7524C2A426h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B0F second address: DE3B25 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 js 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B25 second address: DE3B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B29 second address: DE3B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3CAE second address: DE3CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F7524C2A431h 0x0000000f jmp 00007F7524C2A438h 0x00000014 js 00007F7524C2A426h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE776C second address: DE7787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78BF second address: DE78C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78C8 second address: DE78D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78D9 second address: DE790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524C2A426h 0x0000000a popad 0x0000000b jbe 00007F7524C2A432h 0x00000011 jnc 00007F7524C2A426h 0x00000017 jo 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7524C2A432h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE790C second address: DE7923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D19 second address: DE7D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F7524C2A42Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D30 second address: DE7D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE8052 second address: DE8056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9C7C second address: DE9CDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 je 00007F7524DC4546h 0x00000017 popad 0x00000018 jmp 00007F7524DC454Bh 0x0000001d jmp 00007F7524DC4556h 0x00000022 pushad 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 jmp 00007F7524DC4550h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0B77 second address: DF0B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E1E second address: DF0E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F7524DC454Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E31 second address: DF0E67 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F7524C2A426h 0x00000009 jmp 00007F7524C2A439h 0x0000000e pop edx 0x0000000f jl 00007F7524C2A428h 0x00000015 push edi 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a je 00007F7524C2A432h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E67 second address: DF0E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1960 second address: DF1965 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C83 second address: DF1C93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C93 second address: DF1C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA418 second address: DFA41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA41E second address: DFA445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F7524C2A430h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A42Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA445 second address: DFA464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524DC4546h 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA827 second address: DFA82B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC25 second address: DFAC2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2B second address: DFAC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2F second address: DFAC33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5A second address: E04F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5E second address: E04F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F6F second address: E04F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F7A second address: E04FA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4551h 0x00000007 jnp 00007F7524DC4546h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524DC454Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FA8 second address: E04FAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FAC second address: E04FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0312E second address: E0316F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A434h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F7524C2A438h 0x00000010 popad 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 je 00007F7524C2A426h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0316F second address: E03173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03173 second address: E03190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jne 00007F7524C2A430h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03190 second address: E031B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7524DC4546h 0x0000000a jng 00007F7524DC4546h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F7524DC454Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E031B0 second address: E031C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jnp 00007F7524C2A426h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03703 second address: E03736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F7524DC4552h 0x0000000b jp 00007F7524DC4546h 0x00000011 jno 00007F7524DC4546h 0x00000017 popad 0x00000018 jp 00007F7524DC4552h 0x0000001e jo 00007F7524DC4546h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B38 second address: E03B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 pop edx 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B68 second address: E03B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B6C second address: E03B77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E05 second address: E03E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524DC4546h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007F7524DC4555h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F7524DC4555h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E44 second address: E03E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CC7 second address: E08CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CCE second address: E08CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F7524C2A426h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CDA second address: E08CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CEA second address: E08CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C295 second address: E0C299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C299 second address: E0C2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524C2A42Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC76 second address: E0BC7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC7A second address: E0BC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC80 second address: E0BCA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F7524DC4555h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BDE3 second address: E0BDFB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7524C2A430h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BF8D second address: E0BF97 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1763A second address: E1766A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F7524C2A42Ch 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766A second address: E1766E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766E second address: E17672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17672 second address: E17688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F7524DC4546h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1723C second address: E17243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17243 second address: E1724D instructions: 0x00000000 rdtsc 0x00000002 je 00007F7524DC454Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17383 second address: E1738A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1738A second address: E17391 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AF38 second address: E1AF3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22ED7 second address: E22EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Eh 0x00000010 jmp 00007F7524DC454Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22EFD second address: E22F12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F12 second address: E22F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4553h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4556h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BC5 second address: E36BCF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BCF second address: E36BE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 jng 00007F7524DC454Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BE9 second address: E36BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F7524C2A438h 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7524C2A426h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BFD second address: E36C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3552D second address: E35546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7524C2A431h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B1 second address: E356B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B9 second address: E356BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356BD second address: E356C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35816 second address: E3581C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3597C second address: E3599C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4548h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007F7524DC4550h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3599C second address: E359A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F7524C2A426h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B38 second address: E35B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B3C second address: E35B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B5E second address: E35B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B64 second address: E35B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B6F second address: E35B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35DF1 second address: E35E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E03 second address: E35E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E07 second address: E35E39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F7524C2A433h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E368F9 second address: E36902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36902 second address: E3691B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F100 second address: E4F106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D132 second address: E5D14E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A436h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F469 second address: E5F47E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4548h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F47E second address: E5F488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F488 second address: E5F48E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F48E second address: E5F493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783A7 second address: E783B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783B7 second address: E783F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A42Ch 0x0000000b popad 0x0000000c pushad 0x0000000d jp 00007F7524C2A428h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F7524C2A437h 0x0000001a push eax 0x0000001b push edx 0x0000001c jnc 00007F7524C2A426h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783F1 second address: E783FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786CD second address: E786D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786D3 second address: E78703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7524DC4552h 0x0000000a push edi 0x0000000b jmp 00007F7524DC4556h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78847 second address: E7884B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78CE0 second address: E78CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78F8A second address: E78F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D308 second address: E7D30C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D30C second address: E7D324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnp 00007F7524C2A426h 0x00000011 jl 00007F7524C2A426h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D324 second address: E7D340 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4557h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D579 second address: E7D5BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edx, dword ptr [ebp+12485C43h] 0x00000010 push 00000004h 0x00000012 mov dword ptr [ebp+122D1E80h], eax 0x00000018 call 00007F7524C2A429h 0x0000001d jl 00007F7524C2A43Dh 0x00000023 push edi 0x00000024 jmp 00007F7524C2A435h 0x00000029 pop edi 0x0000002a push eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5BD second address: E7D5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5D0 second address: E7D5DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7E8 second address: E7D7FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC454Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7FE second address: E7D802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D802 second address: E7D80F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F240 second address: E7F24B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D57 second address: E80D73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4552h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D73 second address: E80D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D77 second address: E80D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4546h 0x0000000f jng 00007F7524DC4546h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA6E second address: D8AA78 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524C2A42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA78 second address: D8AA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F7524DC454Ch 0x0000000e jnc 00007F7524DC4546h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AC45 second address: D8AC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3F87 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3FB8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D8691D instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 5796

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1726083406.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726083406.0000000001593000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BB5BB0 LdrInitializeThunk,

0_2_00BB5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.21.53.8	sergei-esenin.com	United States		13335	CLOUDFLARENETUS	true
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

Contacted Domains

Name	IP	Active
steamcommunity.com	104.102.49.254	true
sergei-esenin.com	104.21.53.8	true
eaglepawnoy.store	unknown	unknown
bathdoomgaz.store	unknown	unknown
spirittunek.store	unknown	unknown
licendfilteo.site	unknown	unknown
studennotediw.store	unknown	unknown
mobbipenju.store	unknown	unknown
clearancek.site	unknown	unknown
dissapoiznw.store	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
studennotediw.store	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
eaglepawnoy.store	true	unknown
bathdoomgaz.store	true	unknown
clearancek.site	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
mobbipenju.store	true	unknown
https://sergei-esenin.com/api	true	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900	URL Reputation: Label: malware
Source: https://steamcommunity.com/profiles/76561199724331900/badges	URL Reputation: Label: malware

Found malware configuration

Source: file.exe.6568.0.memstrmin

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.1724888787.0000000000B71000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB50FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B7D110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB63B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB99D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00BB695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00B7FCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00B80EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB6094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00BAF030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B842FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00B92260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00BB64B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00B8B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B8D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00BB1440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B86536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00BB7520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B99510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00BAB650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00BB67EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00BB7710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB5700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00B928E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00B749A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00BB3920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00B8D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B81A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00B75A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00BA0B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00B83BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00BB9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00B9AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00BB9CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00BAFC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00B97C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00B9EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB8D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00B76EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00B81E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00B95E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00B97E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00B86F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00B8FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00BB5FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00BAFF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00B99F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.4:54991 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.4:54147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.4:56852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.4:60253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.4:61700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.4:57124 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.4:59705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.4:51101 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.4:49730 -> 104.102.49.254:443
Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.53.8:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.53.8:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

IP address seen in connection with other malware

Source: Joe Sandbox View	IP Address: 104.21.53.8 104.21.53.8
Source: Joe Sandbox View	IP Address: 104.102.49.254 104.102.49.254

Internet Provider seen in connection with other malware

Source: Joe Sandbox View	ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
Source: Joe Sandbox View	ASN Name: AKAMAI-ASUS AKAMAI-ASUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic	HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com
Source: global traffic	HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: sergei-esenin.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: unknown

Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.st
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a61
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.fastly.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.fastly.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site/api
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/apiapi
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/applications/community/main.css?v=DVae4t4RZiHA&l=en
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/globalv2.css?v=dQy8Omh4p9PH&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/promo/summer2017/stickers.css?v=P8gOPraCSjV6&l=engl
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/header.css?v=pTvrRy1pm52p&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/css/skin_1/profilev2.css?v=t9xiI4DlPpEB&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/libraries~b28b7af69.js?v=
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/main.js?v=4XouecKy8sZy&am
Source: file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/applications/community/manifest.js?v=r7a4-LYcQOj
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/global.js?v=7qlUmHSJhPRN&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalContent.js?v=XpCpvP7feUoO&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/profile.js?v=bbs9uq0gqJ-H&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/promo/stickers.js?v=W8NP8aTVqtms&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpEF8tL&l=
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/javascript/webui/clientcom.js?v=jq1jQyX1843y&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/buttons.css?v=-WV9f1LdxEjq&l=english
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/motiva_sans.css?v=v7XTmVzbLV33&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_global.css?v=uF6G1wyNU-4c&l=english
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/css/shared_responsive.css?v=kR9MtmbWSZEp&l=engli
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1&l=engl
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_global.js?v=7glT1n_nkVCs&l=eng
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v=pSvIAKtunf
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq~
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/apii
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://spirittunek.store:443/api
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015B8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015B7000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900h6DG
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.1726083406.000000000157F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.1724553528.000000000160E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.1724600149.00000000015F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015F0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown	HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.4:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.53.8:443 -> 192.168.2.4:49731 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B80228	0_2_00B80228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BBA0D0	0_2_00BBA0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B82030	0_2_00B82030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B71000	0_2_00B71000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4040	0_2_00BB4040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB	0_2_00CF71DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7E1A0	0_2_00B7E1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B771F0	0_2_00B771F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115	0_2_00D46115
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B75160	0_2_00B75160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B712F7	0_2_00B712F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA82D0	0_2_00BA82D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA12D0	0_2_00BA12D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B713A3	0_2_00B713A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7B3A0	0_2_00B7B3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA23E0	0_2_00BA23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7A300	0_2_00B7A300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3F4C1	0_2_00D3F4C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8049B	0_2_00B8049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84487	0_2_00B84487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA64F0	0_2_00BA64F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1F451	0_2_00C1F451
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9C470	0_2_00B9C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4B41A	0_2_00D4B41A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B735B0	0_2_00B735B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8C5F0	0_2_00B8C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB86F0	0_2_00BB86F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAF620	0_2_00BAF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8652	0_2_00BB8652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7164F	0_2_00B7164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D44628	0_2_00D44628
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E38735	0_2_00E38735
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAE8A0	0_2_00BAE8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BAB8C0	0_2_00BAB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CC684E	0_2_00CC684E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4986D	0_2_00D4986D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BA1860	0_2_00BA1860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB89A0	0_2_00BB89A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9098B	0_2_00B9098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7AB0	0_2_00BB7AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42ACB	0_2_00D42ACB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8A80	0_2_00BB8A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7AA81	0_2_00C7AA81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BF3AC1	0_2_00BF3AC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D4EA67	0_2_00D4EA67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB4A40	0_2_00BB4A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B77BF0	0_2_00B77BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B8DB6F	0_2_00B8DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB6CBF	0_2_00BB6CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9CCD0	0_2_00B9CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8C02	0_2_00BB8C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D41C08	0_2_00D41C08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D04D99	0_2_00D04D99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9DD29	0_2_00B9DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9FD10	0_2_00B9FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B98D62	0_2_00B98D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7BEB0	0_2_00B7BEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B86EBF	0_2_00B86EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B84E2A	0_2_00B84E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB8E70	0_2_00BB8E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B9AE57	0_2_00B9AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CBBFDC	0_2_00CBBFDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B78FD0	0_2_00B78FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BB7FC0	0_2_00BB7FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B7AF10	0_2_00B7AF10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D3BF13	0_2_00D3BF13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C01F27	0_2_00C01F27
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CA5F21	0_2_00CA5F21

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B7CAA0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00B8D300 appears 152 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BA8220 CoCreateInstance,

0_2_00BA8220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 3028480 > 1048576

Source: file.exe

Static PE information: Raw size of xkhaisln is bigger than: 0x100000 < 0x2ba000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.b70000.0.unpack :EW;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;xkhaisln:EW;rfekvyib:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x2efdc9 should be: 0x2eaaab

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: xkhaisln
Source: file.exe	Static PE information: section name: rfekvyib
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push 4664F8ABh; mov dword ptr [esp], edx	0_2_00E461D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E46048 push ecx; mov dword ptr [esp], 04A1CF9Bh	0_2_00E461E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E1B013 push 39907781h; mov dword ptr [esp], ebp	0_2_00E1B095
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push 334C0DCDh; mov dword ptr [esp], ecx	0_2_00CF71FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], 69D951BAh	0_2_00CF7218
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push eax; mov dword ptr [esp], edi	0_2_00CF7241
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ecx; mov dword ptr [esp], edx	0_2_00CF7261
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push esi; mov dword ptr [esp], edi	0_2_00CF728E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push edi; mov dword ptr [esp], 350428CEh	0_2_00CF72CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF71DB push ebp; mov dword ptr [esp], edx	0_2_00CF72D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 375641C0h	0_2_00D6F1CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push ecx; mov dword ptr [esp], eax	0_2_00D6F1F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], 7DEA9506h	0_2_00D6F20C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6F1A6 push edi; mov dword ptr [esp], ebp	0_2_00D6F2A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push 0A4ECF00h; mov dword ptr [esp], eax	0_2_00DFB1C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00DFB15B push eax; mov dword ptr [esp], esi	0_2_00DFB1CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00E78176 push 5F3B13B9h; mov dword ptr [esp], ecx	0_2_00E7821A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 72CAC23Dh; mov dword ptr [esp], edi	0_2_00D4611D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D4617A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], esi	0_2_00D46259
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 1BCA2342h; mov dword ptr [esp], edi	0_2_00D46297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push esi; mov dword ptr [esp], ecx	0_2_00D462A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 6FAAA7B8h; mov dword ptr [esp], edi	0_2_00D462F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 38FE104Dh; mov dword ptr [esp], edi	0_2_00D46318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push edx; mov dword ptr [esp], 60A03560h	0_2_00D4631F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push eax; mov dword ptr [esp], ebp	0_2_00D4633A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], 7F797E76h	0_2_00D4638D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push ebx; mov dword ptr [esp], eax	0_2_00D46399
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 62B59CE6h; mov dword ptr [esp], esp	0_2_00D463A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 0CC252D7h; mov dword ptr [esp], eax	0_2_00D463CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D46115 push 085A8877h; mov dword ptr [esp], edx	0_2_00D4640F

Source: file.exe

Static PE information: section name: entropy: 7.979276920550064

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: BD477A second address: BD4791 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B33 second address: D54B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B39 second address: D54B53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4552h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D54B53 second address: D54B62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524C2A42Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D53E36 second address: D53E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E91 second address: D55E96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55E96 second address: D55EEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F7524DC4548h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 0000001Bh 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D2345h] 0x0000002a push 00000000h 0x0000002c mov dword ptr [ebp+122D2D8Ch], eax 0x00000032 call 00007F7524DC4549h 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a jmp 00007F7524DC454Dh 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55EEA second address: D55F2B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push edx 0x0000000e pop edx 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 jmp 00007F7524C2A42Dh 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c jns 00007F7524C2A42Ch 0x00000022 pop eax 0x00000023 mov eax, dword ptr [eax] 0x00000025 jng 00007F7524C2A434h 0x0000002b push eax 0x0000002c push edx 0x0000002d jns 00007F7524C2A426h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F2B second address: D55F43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp+04h], eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F7524DC4546h 0x00000014 popad 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F43 second address: D55F7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pop eax 0x00000007 jg 00007F7524C2A42Ch 0x0000000d push 00000003h 0x0000000f push 00000000h 0x00000011 mov ecx, dword ptr [ebp+122D3BC4h] 0x00000017 push 00000003h 0x00000019 jmp 00007F7524C2A42Ch 0x0000001e call 00007F7524C2A429h 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F7C second address: D55F92 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F92 second address: D55F96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55F96 second address: D55FD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b ja 00007F7524DC4556h 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 jmp 00007F7524DC454Dh 0x0000001d pop ecx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D55FD1 second address: D56069 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jnl 00007F7524C2A426h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F7524C2A437h 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push edi 0x00000018 jmp 00007F7524C2A436h 0x0000001d pop edi 0x0000001e pop eax 0x0000001f and dh, FFFFFFB5h 0x00000022 lea ebx, dword ptr [ebp+12455CA5h] 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F7524C2A428h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 0000001Ah 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov ecx, 38BF86FBh 0x00000047 movsx edi, dx 0x0000004a xchg eax, ebx 0x0000004b jno 00007F7524C2A43Ch 0x00000051 push eax 0x00000052 pushad 0x00000053 push eax 0x00000054 push edx 0x00000055 pushad 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D56069 second address: D5607C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5619B second address: D561A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B30 second address: D77B3A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC4552h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77B3A second address: D77B49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D425EC second address: D42609 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7524DC4546h 0x0000000a jg 00007F7524DC4546h 0x00000010 popad 0x00000011 ja 00007F7524DC454Ch 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42609 second address: D42611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42611 second address: D4263E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Dh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F7524DC454Bh 0x00000013 pop edi 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push ecx 0x00000017 push ebx 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D75CE0 second address: D75CE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760DE second address: D760F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 jnc 00007F7524DC4546h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D760F5 second address: D76133 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 jmp 00007F7524C2A435h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F7524C2A432h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76133 second address: D76138 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7627D second address: D76283 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76283 second address: D76291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76291 second address: D76299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76299 second address: D762A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push ebx 0x00000009 push esi 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76515 second address: D76531 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Ah 0x00000007 jmp 00007F7524C2A42Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76531 second address: D76541 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766CD second address: D766D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D3 second address: D766D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D766D9 second address: D7670E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A433h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c jmp 00007F7524C2A436h 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7670E second address: D7671E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC454Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D76CE3 second address: D76CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77229 second address: D77233 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7752E second address: D77533 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77690 second address: D77699 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77699 second address: D7769D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D205 second address: D7D213 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7524DC4546h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7D213 second address: D7D21F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7524C2A426h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA50 second address: D7FA54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA54 second address: D7FA5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA5A second address: D7FA60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA60 second address: D7FA64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FA64 second address: D7FA87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f js 00007F7524DC4554h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCBB second address: D7FCC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCC6 second address: D7FCCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCCC second address: D7FCD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7FCD0 second address: D7FCE2 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83712 second address: D83716 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83716 second address: D8372C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524DC4548h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8372C second address: D83765 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524C2A428h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F7524C2A42Ah 0x00000017 jmp 00007F7524C2A431h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838AB second address: D838B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838B3 second address: D838C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007F7524C2A42Eh 0x0000000b push edi 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D838C2 second address: D838C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83A26 second address: D83A4A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pushad 0x0000000a popad 0x0000000b push edx 0x0000000c pop edx 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7524C2A433h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4B second address: D83D4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D4F second address: D83D53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83D53 second address: D83D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnp 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4552h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EE9 second address: D83EFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 ja 00007F7524C2A426h 0x0000000d jnp 00007F7524C2A426h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D83EFE second address: D83F03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85737 second address: D85758 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524C2A43Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85758 second address: D85770 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4554h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D85770 second address: D85776 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AE99 second address: D4AEAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c je 00007F7524DC4546h 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AEAE second address: D4AED4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F7524C2A434h 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d je 00007F7524C2A451h 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED4 second address: D4AED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4AED8 second address: D4AEF6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7524C2A431h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D04 second address: D87D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87D0C second address: D87D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D87DC8 second address: D87DE5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jc 00007F7524DC4561h 0x00000015 push eax 0x00000016 push edx 0x00000017 jg 00007F7524DC4546h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8821C second address: D88225 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88358 second address: D8835D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88569 second address: D8856D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A61 second address: D88A6B instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88A6B second address: D88AE0 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524C2A43Bh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], ebx 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F7524C2A428h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 nop 0x00000028 pushad 0x00000029 push eax 0x0000002a jmp 00007F7524C2A436h 0x0000002f pop eax 0x00000030 jmp 00007F7524C2A42Eh 0x00000035 popad 0x00000036 push eax 0x00000037 push edi 0x00000038 push eax 0x00000039 push edx 0x0000003a push edx 0x0000003b pop edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C00 second address: D88C09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88C09 second address: D88C0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EE9 second address: D88EED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EED second address: D88EF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88EF1 second address: D88F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jc 00007F7524DC454Ch 0x00000010 jnl 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D88F07 second address: D88F11 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89031 second address: D89035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E1C second address: D89E29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push ecx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E29 second address: D89E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pop ecx 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F7524DC4548h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 mov esi, dword ptr [ebp+122D3EDCh] 0x00000029 push 00000000h 0x0000002b pushad 0x0000002c mov si, E21Bh 0x00000030 jmp 00007F7524DC454Ah 0x00000035 popad 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push esi 0x0000003b call 00007F7524DC4548h 0x00000040 pop esi 0x00000041 mov dword ptr [esp+04h], esi 0x00000045 add dword ptr [esp+04h], 00000016h 0x0000004d inc esi 0x0000004e push esi 0x0000004f ret 0x00000050 pop esi 0x00000051 ret 0x00000052 xchg eax, ebx 0x00000053 push eax 0x00000054 push edx 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 popad 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E8F second address: D89E99 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89E99 second address: D89EC0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4556h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jg 00007F7524DC4546h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1B second address: D8AE1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AE1F second address: D8AE25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C300 second address: D8C30A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30A second address: D8C30F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8C30F second address: D8C344 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524C2A426h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov esi, 45256D3Bh 0x00000013 push 00000000h 0x00000015 jmp 00007F7524C2A42Dh 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+1245D8E7h], ecx 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 jno 00007F7524C2A428h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8CEAD second address: D8CEB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F114 second address: D8F126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F7524C2A426h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8D6F2 second address: D8D6F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8F126 second address: D8F12C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8FA51 second address: D8FAD0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F7524DC454Dh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e and si, DC54h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push ebx 0x00000018 call 00007F7524DC4548h 0x0000001d pop ebx 0x0000001e mov dword ptr [esp+04h], ebx 0x00000022 add dword ptr [esp+04h], 0000001Ah 0x0000002a inc ebx 0x0000002b push ebx 0x0000002c ret 0x0000002d pop ebx 0x0000002e ret 0x0000002f jmp 00007F7524DC454Eh 0x00000034 mov di, 4046h 0x00000038 push 00000000h 0x0000003a push 00000000h 0x0000003c push esi 0x0000003d call 00007F7524DC4548h 0x00000042 pop esi 0x00000043 mov dword ptr [esp+04h], esi 0x00000047 add dword ptr [esp+04h], 00000014h 0x0000004f inc esi 0x00000050 push esi 0x00000051 ret 0x00000052 pop esi 0x00000053 ret 0x00000054 mov edi, dword ptr [ebp+12482D93h] 0x0000005a push eax 0x0000005b jl 00007F7524DC454Eh 0x00000061 push edx 0x00000062 push eax 0x00000063 push edx 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D901FD second address: D90203 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D90203 second address: D90207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C13 second address: D91C17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C17 second address: D91C1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91C1D second address: D91C22 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9218C second address: D921E7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F7524DC4548h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 call 00007F7524DC4555h 0x0000002b and ebx, 5CCE6D53h 0x00000031 pop edi 0x00000032 push 00000000h 0x00000034 jnc 00007F7524DC4546h 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jo 00007F7524DC4546h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921E7 second address: D921EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D921EB second address: D921F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D931FB second address: D9328C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov di, cx 0x0000000e push 00000000h 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F7524C2A428h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 0000001Dh 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a jmp 00007F7524C2A432h 0x0000002f and edi, dword ptr [ebp+122D2430h] 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F7524C2A428h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 js 00007F7524C2A42Ch 0x00000057 mov dword ptr [ebp+1245D8E7h], ecx 0x0000005d jl 00007F7524C2A432h 0x00000063 jc 00007F7524C2A42Ch 0x00000069 add dword ptr [ebp+122D2360h], ebx 0x0000006f xchg eax, esi 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9328C second address: D93290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93290 second address: D932A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7524C2A42Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D932A7 second address: D932C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4559h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9234B second address: D9235D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9235D second address: D92383 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jnp 00007F7524DC4563h 0x0000000e pushad 0x0000000f jmp 00007F7524DC4555h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D92383 second address: D92400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push esi 0x00000009 call 00007F7524C2A428h 0x0000000e pop esi 0x0000000f mov dword ptr [esp+04h], esi 0x00000013 add dword ptr [esp+04h], 0000001Ah 0x0000001b inc esi 0x0000001c push esi 0x0000001d ret 0x0000001e pop esi 0x0000001f ret 0x00000020 jmp 00007F7524C2A436h 0x00000025 push dword ptr fs:[00000000h] 0x0000002c add ebx, dword ptr [ebp+122D3E6Ch] 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 mov dword ptr [ebp+12485C1Ah], edx 0x0000003f mov eax, dword ptr [ebp+122D0229h] 0x00000045 mov edi, eax 0x00000047 push FFFFFFFFh 0x00000049 sbb di, 5A99h 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 jmp 00007F7524C2A433h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D952B2 second address: D952B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D94406 second address: D9440C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D953E3 second address: D9540B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F7524DC4559h 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9540B second address: D95410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D98361 second address: D98367 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9937F second address: D99384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D99384 second address: D993F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4557h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 mov dword ptr [ebp+124817CBh], ebx 0x00000016 push 00000000h 0x00000018 pushad 0x00000019 or dx, F8BDh 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 adc ch, 00000060h 0x00000024 popad 0x00000025 popad 0x00000026 push 00000000h 0x00000028 jmp 00007F7524DC4557h 0x0000002d push eax 0x0000002e push esi 0x0000002f pushad 0x00000030 jmp 00007F7524DC4558h 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D985CD second address: D985F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jl 00007F7524C2A43Bh 0x0000000f jmp 00007F7524C2A435h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4D7 second address: D9A4DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A4DC second address: D9A557 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F7524C2A428h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b movzx ebx, ax 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebx 0x00000033 call 00007F7524C2A428h 0x00000038 pop ebx 0x00000039 mov dword ptr [esp+04h], ebx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ebx 0x00000046 push ebx 0x00000047 ret 0x00000048 pop ebx 0x00000049 ret 0x0000004a mov ebx, 761563C7h 0x0000004f sub dword ptr [ebp+122D274Bh], esi 0x00000055 xchg eax, esi 0x00000056 push eax 0x00000057 push edx 0x00000058 jmp 00007F7524C2A432h 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A557 second address: D9A55C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD12 second address: D9CD66 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7524C2A42Ah 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 50039D5Ch 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F7524C2A428h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000016h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1DFCh], edx 0x00000033 push 00000000h 0x00000035 mov bx, A8ADh 0x00000039 push eax 0x0000003a pushad 0x0000003b jc 00007F7524C2A42Ch 0x00000041 jns 00007F7524C2A426h 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CD66 second address: D9CD6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EB19 second address: D9EB21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9D6 second address: D9F9F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F7524DC454Ch 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F0 second address: D9F9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9F9F7 second address: D9FA09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7524DC454Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA09 second address: D9FA71 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F7524C2A428h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 sub dword ptr [ebp+122D2D50h], edi 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push esi 0x0000002e call 00007F7524C2A428h 0x00000033 pop esi 0x00000034 mov dword ptr [esp+04h], esi 0x00000038 add dword ptr [esp+04h], 00000015h 0x00000040 inc esi 0x00000041 push esi 0x00000042 ret 0x00000043 pop esi 0x00000044 ret 0x00000045 cld 0x00000046 push 00000000h 0x00000048 sbb ebx, 1BB26C5Eh 0x0000004e jmp 00007F7524C2A42Fh 0x00000053 xchg eax, esi 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9FA71 second address: D9FA75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9CF80 second address: D9CFA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A432h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9EC51 second address: D9EC5B instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7524DC4546h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9A6F3 second address: D9A6F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A01 second address: DA0A73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ecx 0x00000010 call 00007F7524DC4548h 0x00000015 pop ecx 0x00000016 mov dword ptr [esp+04h], ecx 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc ecx 0x00000023 push ecx 0x00000024 ret 0x00000025 pop ecx 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+122D1D96h] 0x0000002d push 00000000h 0x0000002f call 00007F7524DC454Fh 0x00000034 jmp 00007F7524DC4550h 0x00000039 pop edi 0x0000003a mov dword ptr [ebp+122D1E32h], edx 0x00000040 push 00000000h 0x00000042 mov edi, eax 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ebx 0x00000048 push eax 0x00000049 push edx 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0A73 second address: DA0A78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1AF2 second address: DA1AF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C2B second address: DA0C41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A42Dh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C41 second address: DA0C45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C45 second address: DA0C6A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A437h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0C6A second address: DA0CDA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b and ebx, 2665DB00h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 or dword ptr [ebp+1245016Eh], ebx 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push ecx 0x00000028 call 00007F7524DC4548h 0x0000002d pop ecx 0x0000002e mov dword ptr [esp+04h], ecx 0x00000032 add dword ptr [esp+04h], 0000001Ch 0x0000003a inc ecx 0x0000003b push ecx 0x0000003c ret 0x0000003d pop ecx 0x0000003e ret 0x0000003f mov dword ptr [ebp+122D23C4h], ebx 0x00000045 mov edi, 4DF371CCh 0x0000004a mov eax, dword ptr [ebp+122D1779h] 0x00000050 mov di, 615Ah 0x00000054 push FFFFFFFFh 0x00000056 mov ebx, 29EAB749h 0x0000005b push eax 0x0000005c jbe 00007F7524DC4554h 0x00000062 push eax 0x00000063 push edx 0x00000064 pushad 0x00000065 popad 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA0CDA second address: DA0CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C5C second address: DA2C60 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C60 second address: DA2C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2C66 second address: DA2C6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA1D8C second address: DA1D92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DBE second address: DA2DD5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DA2DD5 second address: DA2DDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AD8 second address: D40AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE1 second address: D40AE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AE7 second address: D40AF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D40AF7 second address: D40B12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DAC2D2 second address: DAC314 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F7524DC4546h 0x0000000c popad 0x0000000d pop eax 0x0000000e pushad 0x0000000f jmp 00007F7524DC4556h 0x00000014 pushad 0x00000015 push edx 0x00000016 pop edx 0x00000017 jmp 00007F7524DC454Dh 0x0000001c jmp 00007F7524DC454Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00EF second address: DB00F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB00F5 second address: DB010C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB010C second address: DB0117 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB02EC second address: DB0313 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4554h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edx 0x0000000f pop ecx 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 pushad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0313 second address: DB0343 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jns 00007F7524C2A426h 0x0000000e jmp 00007F7524C2A435h 0x00000013 popad 0x00000014 popad 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007F7524C2A426h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0343 second address: DB0347 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB0347 second address: DB036E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F7524C2A42Fh 0x0000000c pop edx 0x0000000d popad 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 pushad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c pop eax 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BE1 second address: DB8BEB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524DC4546h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8BEB second address: DB8BFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jnl 00007F7524C2A426h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F93 second address: DB7F9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7F9E second address: DB7FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB7FA4 second address: DB7FAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8239 second address: DB8253 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8253 second address: DB8266 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 jnl 00007F7524DC4546h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8266 second address: DB8293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A436h 0x0000000b jmp 00007F7524C2A42Ah 0x00000010 jno 00007F7524C2A426h 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 jg 00007F7524C2A42Ch 0x0000001f jnl 00007F7524C2A426h 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8293 second address: DB8299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8553 second address: DB855D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88C1 second address: DB88D6 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7524DC4546h 0x00000008 jmp 00007F7524DC454Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88D6 second address: DB88DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88DF second address: DB88EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88EE second address: DB88F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88F4 second address: DB88FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jng 00007F7524DC4546h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB88FF second address: DB8908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A69 second address: DB8A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A6D second address: DB8A71 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DB8A71 second address: DB8A7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC120 second address: DBC126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC126 second address: DBC12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC12A second address: DBC172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A432h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007F7524C2A426h 0x00000016 jmp 00007F7524C2A433h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC172 second address: DBC176 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DBC176 second address: DBC17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC27EC second address: DC27F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17DC second address: DC17E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC17E4 second address: DC17E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC191B second address: DC192C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 ja 00007F7524C2A430h 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1BB7 second address: DC1BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CDD second address: DC1CE1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE1 second address: DC1CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1CE7 second address: DC1D09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 jmp 00007F7524C2A42Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D09 second address: DC1D11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC1D11 second address: DC1D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2017 second address: DC2021 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC2021 second address: DC202B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC724F second address: DC7253 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC762A second address: DC762E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E40 second address: DC7E44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DC7E44 second address: DC7E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA4D second address: D4CA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007F7524DC4546h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4CA6E second address: D4CA96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Bh 0x00000007 jmp 00007F7524C2A431h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jp 00007F7524C2A426h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8678B second address: D86791 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86899 second address: D868A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524C2A426h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E01 second address: D86E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E05 second address: D86E0F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E0F second address: D86E13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E13 second address: D86E17 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E17 second address: D86E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jnl 00007F7524DC4558h 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F7524DC4546h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86E45 second address: D86E4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86F55 second address: D86FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 jnl 00007F7524DC4548h 0x0000000d popad 0x0000000e push eax 0x0000000f push ecx 0x00000010 jmp 00007F7524DC4552h 0x00000015 pop ecx 0x00000016 xchg eax, esi 0x00000017 push 00000000h 0x00000019 push edi 0x0000001a call 00007F7524DC4548h 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], edi 0x00000024 add dword ptr [esp+04h], 00000015h 0x0000002c inc edi 0x0000002d push edi 0x0000002e ret 0x0000002f pop edi 0x00000030 ret 0x00000031 mov dx, 559Ah 0x00000035 nop 0x00000036 pushad 0x00000037 push ebx 0x00000038 jmp 00007F7524DC4558h 0x0000003d pop ebx 0x0000003e push eax 0x0000003f push edx 0x00000040 jbe 00007F7524DC4546h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D86FC0 second address: D86FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A434h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D879FD second address: D87A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD135 second address: DCD139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD139 second address: DCD14D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD14D second address: DCD17B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jmp 00007F7524C2A434h 0x0000000d push edx 0x0000000e jne 00007F7524C2A426h 0x00000014 pop edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jne 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD17B second address: DCD17F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD2E9 second address: DCD31C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A433h 0x00000009 popad 0x0000000a je 00007F7524C2A428h 0x00000010 push edi 0x00000011 pop edi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524C2A431h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD31C second address: DCD328 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD328 second address: DCD32C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD473 second address: DCD483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 pop edx 0x00000008 jl 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DCD5CD second address: DCD5F3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A437h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 push ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2674 second address: DD2678 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD2678 second address: DD2682 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7524C2A426h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD792A second address: DD7941 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7941 second address: DD7948 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB0 second address: DD7AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AB4 second address: DD7ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7ABA second address: DD7AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DD7AC4 second address: DD7ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE08A second address: DDE0B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524DC4559h 0x0000000e jg 00007F7524DC4546h 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0B7 second address: DDE0BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE0BF second address: DDE0D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jne 00007F7524DC454Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE540 second address: DDE560 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F7524C2A434h 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE560 second address: DDE56C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F7524DC4546h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE56C second address: DDE570 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE570 second address: DDE574 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE574 second address: DDE59E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnl 00007F7524C2A42Eh 0x00000010 jng 00007F7524C2A432h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE59E second address: DDE5AD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524DC454Ah 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE5AD second address: DDE5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F7524C2A430h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE748 second address: DDE775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F7524DC4546h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F7524DC4557h 0x00000015 push ebx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE775 second address: DDE788 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F7524C2A42Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE8EF second address: DDE919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524DC4552h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7524DC4552h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE919 second address: DDE93B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7524C2A444h 0x00000008 jmp 00007F7524C2A438h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE93B second address: DDE974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4556h 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F7524DC4546h 0x00000015 jmp 00007F7524DC4553h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE974 second address: DDE978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DDE978 second address: DDE97E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE428C second address: DE42A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A432h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42A6 second address: DE42AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE42AC second address: DE42B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF1 second address: DE3AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3AF5 second address: DE3B0F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7524C2A426h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d je 00007F7524C2A426h 0x00000013 js 00007F7524C2A426h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B0F second address: DE3B25 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 js 00007F7524DC4546h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnp 00007F7524DC4546h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B25 second address: DE3B29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3B29 second address: DE3B2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE3CAE second address: DE3CF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A42Dh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F7524C2A431h 0x0000000f jmp 00007F7524C2A438h 0x00000014 js 00007F7524C2A426h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 push ecx 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE776C second address: DE7787 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78BF second address: DE78C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78C8 second address: DE78D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE78D9 second address: DE790C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7524C2A426h 0x0000000a popad 0x0000000b jbe 00007F7524C2A432h 0x00000011 jnc 00007F7524C2A426h 0x00000017 jo 00007F7524C2A426h 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7524C2A432h 0x00000024 pushad 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE790C second address: DE7923 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4553h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D19 second address: DE7D30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jmp 00007F7524C2A42Ah 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE7D30 second address: DE7D49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE8052 second address: DE8056 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DE9C7C second address: DE9CDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4555h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f push edi 0x00000010 pop edi 0x00000011 je 00007F7524DC4546h 0x00000017 popad 0x00000018 jmp 00007F7524DC454Bh 0x0000001d jmp 00007F7524DC4556h 0x00000022 pushad 0x00000023 push ecx 0x00000024 pop ecx 0x00000025 jmp 00007F7524DC4550h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0B77 second address: DF0B7B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E1E second address: DF0E31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F7524DC454Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E31 second address: DF0E67 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jo 00007F7524C2A426h 0x00000009 jmp 00007F7524C2A439h 0x0000000e pop edx 0x0000000f jl 00007F7524C2A428h 0x00000015 push edi 0x00000016 pop edi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push ecx 0x0000001a je 00007F7524C2A432h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF0E67 second address: DF0E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1960 second address: DF1965 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C83 second address: DF1C93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DF1C93 second address: DF1C9E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F7524C2A426h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA418 second address: DFA41E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA41E second address: DFA445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F7524C2A430h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7524C2A42Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA445 second address: DFA464 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC454Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F7524DC4546h 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFA827 second address: DFA82B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC25 second address: DFAC2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2B second address: DFAC2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: DFAC2F second address: DFAC33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5A second address: E04F5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F5E second address: E04F6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F7524DC4546h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F6F second address: E04F7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04F7A second address: E04FA8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4551h 0x00000007 jnp 00007F7524DC4546h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F7524DC454Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FA8 second address: E04FAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E04FAC second address: E04FB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0312E second address: E0316F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A434h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b jmp 00007F7524C2A438h 0x00000010 popad 0x00000011 push ebx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 pop ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 je 00007F7524C2A426h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0316F second address: E03173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03173 second address: E03190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jne 00007F7524C2A430h 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03190 second address: E031B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7524DC4546h 0x0000000a jng 00007F7524DC4546h 0x00000010 popad 0x00000011 pushad 0x00000012 jmp 00007F7524DC454Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E031B0 second address: E031C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a jnp 00007F7524C2A426h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03703 second address: E03736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F7524DC4552h 0x0000000b jp 00007F7524DC4546h 0x00000011 jno 00007F7524DC4546h 0x00000017 popad 0x00000018 jp 00007F7524DC4552h 0x0000001e jo 00007F7524DC4546h 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B38 second address: E03B68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 pop edx 0x0000000a jmp 00007F7524C2A42Eh 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B68 second address: E03B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03B6C second address: E03B77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E05 second address: E03E44 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7524DC4546h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007F7524DC4555h 0x00000011 push edx 0x00000012 pop edx 0x00000013 pushad 0x00000014 popad 0x00000015 jmp 00007F7524DC4555h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E03E44 second address: E03E48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CC7 second address: E08CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CCE second address: E08CDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F7524C2A426h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CDA second address: E08CEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push esi 0x0000000e pop esi 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E08CEA second address: E08CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C295 second address: E0C299 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0C299 second address: E0C2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A437h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F7524C2A42Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC76 second address: E0BC7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC7A second address: E0BC80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BC80 second address: E0BCA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 jmp 00007F7524DC4555h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BDE3 second address: E0BDFB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7524C2A430h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E0BF8D second address: E0BF97 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7524DC454Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1763A second address: E1766A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A439h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F7524C2A42Ch 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766A second address: E1766E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1766E second address: E17672 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17672 second address: E17688 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 je 00007F7524DC4546h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 pushad 0x00000012 popad 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1723C second address: E17243 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17243 second address: E1724D instructions: 0x00000000 rdtsc 0x00000002 je 00007F7524DC454Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E17383 second address: E1738A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ebx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1738A second address: E17391 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E1AF38 second address: E1AF3D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22ED7 second address: E22EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7524DC454Eh 0x00000010 jmp 00007F7524DC454Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22EFD second address: E22F12 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A431h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E22F12 second address: E22F49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F7524DC4553h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F7524DC4546h 0x00000013 jmp 00007F7524DC4556h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BC5 second address: E36BCF instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7524C2A426h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BCF second address: E36BE9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524DC4550h 0x00000007 jng 00007F7524DC454Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BE9 second address: E36BFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F7524C2A438h 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7524C2A426h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36BFD second address: E36C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3552D second address: E35546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7524C2A431h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B1 second address: E356B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356B9 second address: E356BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E356BD second address: E356C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35816 second address: E3581C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3597C second address: E3599C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F7524DC4548h 0x0000000e push eax 0x0000000f pop eax 0x00000010 jmp 00007F7524DC4550h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E3599C second address: E359A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007F7524C2A426h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B38 second address: E35B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B3C second address: E35B5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7524C2A437h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B5E second address: E35B64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B64 second address: E35B6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35B6F second address: E35B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7524DC4546h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35DF1 second address: E35E03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E03 second address: E35E07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E35E07 second address: E35E39 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7524C2A436h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jmp 00007F7524C2A433h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E368F9 second address: E36902 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E36902 second address: E3691B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7524C2A435h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E4F100 second address: E4F106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5D132 second address: E5D14E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7524C2A436h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F469 second address: E5F47E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4548h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F47E second address: E5F488 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F488 second address: E5F48E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E5F48E second address: E5F493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783A7 second address: E783B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7524DC4546h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783B7 second address: E783F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F7524C2A42Ch 0x0000000b popad 0x0000000c pushad 0x0000000d jp 00007F7524C2A428h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F7524C2A437h 0x0000001a push eax 0x0000001b push edx 0x0000001c jnc 00007F7524C2A426h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E783F1 second address: E783FC instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786CD second address: E786D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E786D3 second address: E78703 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7524DC4552h 0x0000000a push edi 0x0000000b jmp 00007F7524DC4556h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78847 second address: E7884B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78CE0 second address: E78CE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E78F8A second address: E78F8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D308 second address: E7D30C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D30C second address: E7D324 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jnp 00007F7524C2A426h 0x00000011 jl 00007F7524C2A426h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D324 second address: E7D340 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7524DC4557h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D579 second address: E7D5BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edx, dword ptr [ebp+12485C43h] 0x00000010 push 00000004h 0x00000012 mov dword ptr [ebp+122D1E80h], eax 0x00000018 call 00007F7524C2A429h 0x0000001d jl 00007F7524C2A43Dh 0x00000023 push edi 0x00000024 jmp 00007F7524C2A435h 0x00000029 pop edi 0x0000002a push eax 0x0000002b push esi 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5BD second address: E7D5D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D5D0 second address: E7D5DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F7524C2A426h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7E8 second address: E7D7FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC454Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D7FE second address: E7D802 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7D802 second address: E7D80F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E7F240 second address: E7F24B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D57 second address: E80D73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7524DC4552h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D73 second address: E80D77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: E80D77 second address: E80D8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 ja 00007F7524DC4546h 0x0000000f jng 00007F7524DC4546h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA6E second address: D8AA78 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7524C2A42Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AA78 second address: D8AA90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jnp 00007F7524DC454Ch 0x0000000e jnc 00007F7524DC4546h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8AC45 second address: D8AC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3F87 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: BD3FB8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D8691D instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 5796

Thread sleep time: -60000s >= -30000s

Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1726083406.000000000153E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1724600149.00000000015BC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726083406.0000000001593000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1726248405.00000000015BC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1725081663.0000000000D5D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00BB5BB0 LdrInitializeThunk,

0_2_00BB5BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.stor
Source: file.exe	String found in binary or memory: spirittunek.stor
Source: file.exe	String found in binary or memory: dissapoiznw.stor
Source: file.exe	String found in binary or memory: studennotediw.stor
Source: file.exe	String found in binary or memory: mobbipenju.stor
Source: file.exe	String found in binary or memory: eaglepawnoy.stor

Source: file.exe, 00000000.00000002.1725326692.0000000000DA3000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

ID:	1538235
Product:	CloudBasic
Start time:	21:14:07
Start date:	20.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	4f7d940e5a6e1a752310810ed5e48d90
SHA1:	6d600a018c09d0c27b6fb0a1115a8b734f071274
SHA256:	cabc120fdab47adca73614a9d78ba234c67d664dccce4998a89db47ecb856a3d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by