Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1542212
MD5:	f031a66d5204065098bbc0f49e926344
SHA1:	e695a8f3461113fb2e8078f95545d4b1c014a63a
SHA256:	8e51964eeb20bc96f08331b69264cb9c6a341ef7dff93ed81e4576824f599c33
Tags:	exeuser-Bitsight
Infos:

Detection

LummaC

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected LummaC Stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Hides threads from debuggers

LummaC encrypted strings found

Machine Learning detection for sample

PE file contains section with special chars

Sample uses string decryption to hide its real strings

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Detected potential crypto function

Entry point lies outside standard sections

Found inlined nop instructions (likely shell or obfuscated code)

Found potential string decryption / allocating functions

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

PE file contains an invalid checksum

PE file contains sections with non-standard names

Uses 32bit PE files

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Lumma Stealer, LummaC2 Stealer	Lumma Stealer (aka LummaC2 Stealer) is an information stealer written in C language that has been available through a Malware-as-a-Service (MaaS) model on Russian-speaking forums since at least August 2022. It is believed to have been developed by the threat actor "Shamel", who goes by the alias "Lumma". Lumma Stealer primarily targets cryptocurrency wallets and two-factor authentication (2FA) browser extensions, before ultimately stealing sensitive information from the victim's machine. Once the targeted data is obtained, it is exfiltrated to a C2 server via HTTP POST requests using the user agent "TeslaBrowser/5.5"." The stealer also features a non-resident loader that is capable of delivering additional payloads via EXE, DLL, and PowerShell.	No Attribution	https://0xmrmagnezi.github.io/malware%20analysis/LummaStealer/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/lummac2-breakdown#chrome-extensions-crx https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.cyble.com/2023/01/06/lummac2-stealer-a-potent-threat-to-crypto-users/ https://blog.sekoia.io/exposing-fakebat-loader-distribution-methods-and-adversary-infrastructure/	https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.2720.0.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": ["mobbipenju.store", "dissapoiznw.store", "clearancek.site", "spirittunek.store", "licendfilteo.site", "eaglepawnoy.store", "bathdoomgaz.store", "studennotediw.store"], "Build id": "4SD0y4--legendaryy"}

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F350FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F363B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F35700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00F3695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00EFFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00F00EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F36094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00F2F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F042FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F364B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F0D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00F31440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00F0B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F06536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00F37520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F19510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00F2B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00F367EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00F37710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F128E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00EF49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00F0D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00F33920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00EF5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F03BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00F20B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F39B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00F1EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00F2FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00F17C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F38D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00EF6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F15E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F17E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F35FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00F0FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F2FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F19F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:57086 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:49256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:51083 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:65256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:54980 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:58614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:53835 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:57079 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49710 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: GET /profiles/76561199724331900 HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: steamcommunity.com

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d53cd9724c17ac1a847cad24; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35741Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 14:48:33 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.s
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8d
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/apiz
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/apiS
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/t
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F00228	0_2_00F00228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A0D0	0_2_00F3A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD	0_2_00F7E0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34040	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F02030	0_2_00F02030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022	0_2_00F8A022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1	0_2_010B21E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF71F0	0_2_00EF71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFE1A0	0_2_00EFE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF5160	0_2_00EF5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF12F7	0_2_00EF12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F282D0	0_2_00F282D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F212D0	0_2_00F212D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F223E0	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF13A3	0_2_00EF13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB3A0	0_2_00EFB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010752E4	0_2_010752E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA300	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F264F0	0_2_00F264F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0049B	0_2_00F0049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04487	0_2_00F04487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C470	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0C5F0	0_2_00F0C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB25BB	0_2_00FB25BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF35B0	0_2_00EF35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8590	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0106548C	0_2_0106548C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BC4DA	0_2_010BC4DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F386F0	0_2_00F386F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B9728	0_2_010B9728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF164F	0_2_00EF164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38652	0_2_00F38652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2F620	0_2_00F2F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2B8C0	0_2_00F2B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2E8A0	0_2_00F2E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F21860	0_2_00F21860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA850	0_2_00EFA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AF9CC	0_2_010AF9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F389A0	0_2_00F389A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B5858	0_2_010B5858
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1098B	0_2_00F1098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37AB0	0_2_00F37AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38A80	0_2_00F38A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102EB83	0_2_0102EB83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107EB99	0_2_0107EB99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34A40	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF7BF0	0_2_00EF7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010ADA3C	0_2_010ADA3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BAA65	0_2_010BAA65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0DB6F	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01088AE1	0_2_01088AE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1CCD0	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F36CBF	0_2_00F36CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38C02	0_2_00F38C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B3C4B	0_2_010B3C4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18D62	0_2_00F18D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AECA7	0_2_010AECA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1DD29	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1FD10	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F06EBF	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFBEB0	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38E70	0_2_00F38E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1AE57	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04E2A	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCBE00	0_2_00FCBE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37FC0	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8FD0	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFAF10	0_2_00EFAF10

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F0D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EFCAA0 appears 48 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F28220 CoCreateInstance,

0_2_00F28220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNe

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2931712 > 1048576

Source: file.exe

Static PE information: Raw size of yzbnnslb is bigger than: 0x100000 < 0x2a2600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ef0000.0.unpack :EW;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x2d7de2 should be: 0x2d01b1

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: yzbnnslb
Source: file.exe	Static PE information: section name: jnfhazfa
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push 290636B3h; mov dword ptr [esp], eax	0_2_01197A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push eax; mov dword ptr [esp], 64E341B7h	0_2_01197A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 1ADA531Ch; mov dword ptr [esp], ebp	0_2_00F7E21E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push eax; mov dword ptr [esp], 3533EDE3h	0_2_00F7E22D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 2AA7E394h; mov dword ptr [esp], esi	0_2_00F7E28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push ebx; mov dword ptr [esp], eax	0_2_011F31FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 31007003h; mov dword ptr [esp], eax	0_2_011F3289
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 088F1CBDh; mov dword ptr [esp], eax	0_2_011F32A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 680895CDh; mov dword ptr [esp], edx	0_2_0113B1BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push ebp; mov dword ptr [esp], 04D332C9h	0_2_0113B249
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 28AE0C7Ah; mov dword ptr [esp], ecx	0_2_0113B274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], esp	0_2_00F8A066
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push ebp; mov dword ptr [esp], ebx	0_2_00F8A09B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push edx; mov dword ptr [esp], edi	0_2_00F8A0DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 4FCF42E9h; mov dword ptr [esp], ecx	0_2_00F8A173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], edi	0_2_00F8A205
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 1791AD5Fh; mov dword ptr [esp], ebx	0_2_00F8A239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 7FC7FD77h; mov dword ptr [esp], eax	0_2_010B21EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 1D5742C1h; mov dword ptr [esp], esp	0_2_010B21F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], eax	0_2_010B227B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], edx	0_2_010B22D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebp; mov dword ptr [esp], esi	0_2_010B2335
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebx; mov dword ptr [esp], edi	0_2_010B2375
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 126E0B13h; mov dword ptr [esp], ebx	0_2_010B23B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edx; mov dword ptr [esp], ecx	0_2_010B23C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 59751F7Ah; mov dword ptr [esp], edx	0_2_010B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], 55F517A8h	0_2_010B240E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], edx	0_2_010B242B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], ecx	0_2_010B2432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ecx; mov dword ptr [esp], esi	0_2_010B2436
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 30A72E01h; mov dword ptr [esp], esi	0_2_010B246B

Source: file.exe

Static PE information: section name: entropy: 7.984920165696558

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C23BF second address: 10C23DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F454889E297h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C144F second address: 10C1455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1703 second address: 10C1711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F454889E286h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C1 second address: 10C18C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C8 second address: 10C18D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007F454889E286h 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18D8 second address: 10C18DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A0D second address: 10C1A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A13 second address: 10C1A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F45493BD410h 0x0000000e ja 00007F45493BD406h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3513 second address: 10C351A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C351A second address: 10C3527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3527 second address: 10C352B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35B7 second address: 10C35EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 popad 0x0000000a jo 00007F45493BD408h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD40Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35EC second address: 10C36AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F454889E299h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c and edi, dword ptr [ebp+122D1CF0h] 0x00000012 jmp 00007F454889E28Ah 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F454889E288h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 push 476BE9B4h 0x00000038 jmp 00007F454889E28Fh 0x0000003d xor dword ptr [esp], 476BE934h 0x00000044 mov ecx, edi 0x00000046 push 00000003h 0x00000048 movsx edx, cx 0x0000004b mov dword ptr [ebp+122D23E4h], ecx 0x00000051 push 00000000h 0x00000053 push 00000000h 0x00000055 push ebp 0x00000056 call 00007F454889E288h 0x0000005b pop ebp 0x0000005c mov dword ptr [esp+04h], ebp 0x00000060 add dword ptr [esp+04h], 00000017h 0x00000068 inc ebp 0x00000069 push ebp 0x0000006a ret 0x0000006b pop ebp 0x0000006c ret 0x0000006d mov edi, dword ptr [ebp+122D235Eh] 0x00000073 push 00000003h 0x00000075 mov ecx, dword ptr [ebp+122D38CDh] 0x0000007b call 00007F454889E289h 0x00000080 je 00007F454889E294h 0x00000086 push eax 0x00000087 push edx 0x00000088 jc 00007F454889E286h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36AC second address: 10C36C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F45493BD40Eh 0x0000000d jns 00007F45493BD408h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36C9 second address: 10C372A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 je 00007F454889E288h 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jmp 00007F454889E293h 0x0000001f pop eax 0x00000020 call 00007F454889E28Bh 0x00000025 mov edx, 1ADA99C6h 0x0000002a pop edx 0x0000002b lea ebx, dword ptr [ebp+12443471h] 0x00000031 mov edi, 457C0031h 0x00000036 xchg eax, ebx 0x00000037 jmp 00007F454889E290h 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C372A second address: 10C372E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3876 second address: 10C38A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F454889E28Eh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38A0 second address: 10C38B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD410h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B4 second address: 10C38B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B8 second address: 10C390F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jng 00007F45493BD408h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F45493BD416h 0x00000019 jmp 00007F45493BD410h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jmp 00007F45493BD412h 0x00000028 pop eax 0x00000029 mov edi, dword ptr [ebp+122D3C66h] 0x0000002f lea ebx, dword ptr [ebp+1244347Ah] 0x00000035 mov si, di 0x00000038 push eax 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C390F second address: 10C3918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39D1 second address: 10C39E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39E8 second address: 10C3A1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E297h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F454889E28Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007F454889E286h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A1D second address: 10C3A2E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A2E second address: 10C3A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A32 second address: 10C3A3C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D6627 second address: 10D662B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D662B second address: 10D6631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA574 second address: 10BA595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F454889E298h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA595 second address: 10BA59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3295 second address: 10E329B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E329B second address: 10E32B3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jbe 00007F45493BD406h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E32B3 second address: 10E32BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35F8 second address: 10E35FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35FC second address: 10E3602 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3756 second address: 10E375C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E38E9 second address: 10E3953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F454889E290h 0x00000011 jg 00007F454889E286h 0x00000017 jmp 00007F454889E28Ch 0x0000001c popad 0x0000001d pop edi 0x0000001e pushad 0x0000001f jl 00007F454889E296h 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007F454889E28Eh 0x0000002c push eax 0x0000002d push edx 0x0000002e jc 00007F454889E286h 0x00000034 jmp 00007F454889E28Ch 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AB2 second address: 10E3AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F45493BD406h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AC0 second address: 10E3ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E295h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C5A second address: 10E3C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C62 second address: 10E3C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C66 second address: 10E3C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F45493BD406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C72 second address: 10E3C7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F454889E286h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C7E second address: 10E3C91 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F45493BD406h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4059 second address: 10E405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E405D second address: 10E406F instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007F45493BD412h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E406F second address: 10E4081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F454889E286h 0x0000000a jo 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45A8 second address: 10E45D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 jg 00007F45493BD406h 0x0000000f popad 0x00000010 jnc 00007F45493BD40Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D4 second address: 10E45D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D8 second address: 10E45F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F45493BD413h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4C06 second address: 10E4C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DE6 second address: 10E4DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DEA second address: 10E4DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF0 second address: 10E4DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF6 second address: 10E4DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F3A second address: 10E4F40 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F40 second address: 10E4F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F454889E28Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F54 second address: 10E4F61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E50EF second address: 10E50F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7D2 second address: 10AE7DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7DC second address: 10AE7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7E2 second address: 10AE7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7AB second address: 10EB7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7B1 second address: 10EB7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB48 second address: 10EFB4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB4C second address: 10EFB5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCCF second address: 10EFCF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F454889E286h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F454889E28Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F454889E2A2h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCF3 second address: 10EFD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 jmp 00007F45493BD418h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0048 second address: 10F0058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jo 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F01A6 second address: 10F01AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1A9A second address: 10F1AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AA0 second address: 10F1AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AAA second address: 10F1AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F454889E28Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AC4 second address: 10F1AD7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AD7 second address: 10F1AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AE4 second address: 10F1AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66C7 second address: 10F66CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66CB second address: 10F66EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66EA second address: 10F6713 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F454889E28Ch 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6713 second address: 10F673A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov esi, dword ptr [ebp+122D3ABAh] 0x0000000d push F656D5B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD411h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F673A second address: 10F6740 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6ADE second address: 10F6AE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6BAA second address: 10F6BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F759D second address: 10F75A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F75A1 second address: 10F75B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E291h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F76DC second address: 10F7707 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F45493BD40Ch 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F45493BD412h 0x00000014 jmp 00007F45493BD40Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F78B2 second address: 10F78BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F79A2 second address: 10F79A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F8655 second address: 10F8659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F9885 second address: 10F98FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c jbe 00007F45493BD40Ch 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F45493BD408h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F45493BD408h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F45493BD417h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F98FA second address: 10F9904 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACC8 second address: 10FACDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD40Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACDC second address: 10FACE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDE3 second address: 10FCDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD414h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDFC second address: 10FCE01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120B second address: 110120F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120F second address: 1101215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1101215 second address: 1101232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD419h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110215E second address: 1102165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110144A second address: 1101467 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102165 second address: 11021A7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+122D235Eh] 0x00000011 push 00000000h 0x00000013 mov ebx, edi 0x00000015 mov bx, ax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F454889E288h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push edx 0x0000003a pop edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11021A7 second address: 11021AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B3 second address: 11022B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B9 second address: 11022C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F5D second address: 1103F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F63 second address: 1103F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110402F second address: 1104035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104035 second address: 110405A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F45493BD418h 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110405A second address: 1104074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E293h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104074 second address: 1104078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F90 second address: 1104F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F94 second address: 1104FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F45493BD40Ch 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FB4 second address: 1104FBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FBE second address: 1104FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110505D second address: 110506F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11051E7 second address: 11051EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107087 second address: 110708B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11061FF second address: 1106206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106206 second address: 110620C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110620C second address: 1106210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106210 second address: 110621F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110621F second address: 1106225 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081B9 second address: 11081BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081BF second address: 11081C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081C5 second address: 11081C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110831F second address: 1108323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108323 second address: 1108329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108329 second address: 11083D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov dword ptr [ebp+1244383Bh], ebx 0x0000002a mov ebx, ecx 0x0000002c push dword ptr fs:[00000000h] 0x00000033 pushad 0x00000034 mov dword ptr [ebp+122D35DBh], ecx 0x0000003a clc 0x0000003b popad 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 push eax 0x00000044 mov dword ptr [ebp+122D1EA3h], edx 0x0000004a pop ebx 0x0000004b mov eax, dword ptr [ebp+122D0885h] 0x00000051 mov ebx, dword ptr [ebp+12450943h] 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push esi 0x0000005c call 00007F45493BD408h 0x00000061 pop esi 0x00000062 mov dword ptr [esp+04h], esi 0x00000066 add dword ptr [esp+04h], 0000001Dh 0x0000006e inc esi 0x0000006f push esi 0x00000070 ret 0x00000071 pop esi 0x00000072 ret 0x00000073 mov dword ptr [ebp+122DBBC4h], edi 0x00000079 mov ebx, dword ptr [ebp+122D1D3Ah] 0x0000007f nop 0x00000080 jl 00007F45493BD414h 0x00000086 push eax 0x00000087 push edx 0x00000088 pushad 0x00000089 popad 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11083D3 second address: 11083D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2B6 second address: 110A2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2BA second address: 110A2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jne 00007F454889E286h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B2FF second address: 110B305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B305 second address: 110B375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub edi, dword ptr [ebp+122D3B1Ah] 0x00000012 mov bh, 31h 0x00000014 push 00000000h 0x00000016 mov ebx, dword ptr [ebp+122D3D02h] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F454889E288h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 clc 0x00000039 xchg eax, esi 0x0000003a jmp 00007F454889E299h 0x0000003f push eax 0x00000040 pushad 0x00000041 jp 00007F454889E28Ch 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C31D second address: 110C321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C321 second address: 110C325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C325 second address: 110C3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 jbe 00007F45493BD40Ah 0x0000002a mov di, 5D74h 0x0000002e push 00000000h 0x00000030 mov bx, 0E2Eh 0x00000034 push ecx 0x00000035 mov di, dx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F45493BD408h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov edi, 17A76A6Dh 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push esi 0x0000005e jmp 00007F45493BD419h 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A49F second address: 110A4A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11093FD second address: 110940A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110940A second address: 11094A5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 js 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov bx, di 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F454889E288h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D1D5Eh], edx 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov ebx, edx 0x00000044 mov eax, dword ptr [ebp+122D0689h] 0x0000004a mov dword ptr [ebp+12448CE6h], edi 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push ebx 0x00000055 call 00007F454889E288h 0x0000005a pop ebx 0x0000005b mov dword ptr [esp+04h], ebx 0x0000005f add dword ptr [esp+04h], 0000001Ah 0x00000067 inc ebx 0x00000068 push ebx 0x00000069 ret 0x0000006a pop ebx 0x0000006b ret 0x0000006c mov dword ptr [ebp+122D1D01h], ecx 0x00000072 mov edi, dword ptr [ebp+122D3BC6h] 0x00000078 nop 0x00000079 jnl 00007F454889E28Eh 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push ecx 0x00000083 pushad 0x00000084 popad 0x00000085 pop ecx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B4AF second address: 110B4B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C523 second address: 110C533 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C533 second address: 110C538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C5E0 second address: 110C5F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105CD second address: 11105D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105D2 second address: 11105D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F702 second address: 110F7B4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD408h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub bx, 16EFh 0x00000014 push dword ptr fs:[00000000h] 0x0000001b xor dword ptr [ebp+122D1D01h], ecx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007F45493BD408h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 call 00007F45493BD40Fh 0x00000047 mov ebx, dword ptr [ebp+122D235Ah] 0x0000004d pop edi 0x0000004e mov eax, dword ptr [ebp+122D1691h] 0x00000054 pushad 0x00000055 mov dword ptr [ebp+122D1E17h], ecx 0x0000005b mov dword ptr [ebp+122D2A88h], esi 0x00000061 popad 0x00000062 sub edi, dword ptr [ebp+122D3C56h] 0x00000068 push FFFFFFFFh 0x0000006a push 00000000h 0x0000006c push ebp 0x0000006d call 00007F45493BD408h 0x00000072 pop ebp 0x00000073 mov dword ptr [esp+04h], ebp 0x00000077 add dword ptr [esp+04h], 00000018h 0x0000007f inc ebp 0x00000080 push ebp 0x00000081 ret 0x00000082 pop ebp 0x00000083 ret 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007F45493BD40Eh 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F7B4 second address: 110F7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106EC second address: 11106F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F2 second address: 11106F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F8 second address: 11106FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106FC second address: 1110717 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F454889E28Ch 0x00000015 jl 00007F454889E286h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1110717 second address: 11107D3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD408h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c jbe 00007F45493BD407h 0x00000012 clc 0x00000013 add bx, AA0Ah 0x00000018 popad 0x00000019 push dword ptr fs:[00000000h] 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F45493BD408h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a call 00007F45493BD411h 0x0000003f mov edi, 09F01A72h 0x00000044 pop ebx 0x00000045 movzx edi, ax 0x00000048 mov dword ptr fs:[00000000h], esp 0x0000004f call 00007F45493BD40Eh 0x00000054 jmp 00007F45493BD40Ch 0x00000059 pop ebx 0x0000005a mov eax, dword ptr [ebp+122D0811h] 0x00000060 mov dword ptr [ebp+122D23EAh], ebx 0x00000066 push FFFFFFFFh 0x00000068 movsx edi, cx 0x0000006b nop 0x0000006c jmp 00007F45493BD419h 0x00000071 push eax 0x00000072 pushad 0x00000073 jbe 00007F45493BD40Ch 0x00000079 jl 00007F45493BD406h 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11107D3 second address: 11107D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A40 second address: 1112A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A5B second address: 1112A62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6E49 second address: 10B6E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F45493BD406h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ECA second address: 1116ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ED1 second address: 1116EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Bh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116EF0 second address: 1116F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnl 00007F454889E286h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111730B second address: 1117317 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117317 second address: 111731D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111731D second address: 1117323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117323 second address: 1117329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117329 second address: 111733B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111733B second address: 111735A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F454889E28Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F454889E286h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D65F second address: 111D665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D665 second address: 111D669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D669 second address: 111D692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jl 00007F45493BD410h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7DE second address: 111D7F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7F6 second address: 111D818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D818 second address: 111D81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D81D second address: 111D822 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121BCF second address: 1121BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E293h 0x00000007 jl 00007F454889E28Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121E9C second address: 1121EB9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD412h 0x00000008 pushad 0x00000009 jl 00007F45493BD406h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A1C second address: 10B8A28 instructions: 0x00000000 rdtsc 0x00000002 je 00007F454889E286h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A28 second address: 10B8A42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F45493BD411h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260B3 second address: 11260C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C2 second address: 11260C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C8 second address: 11260DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 js 00007F454889E292h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A88 second address: 10F3A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A8C second address: 10F3A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A92 second address: 10F3B71 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD41Fh 0x00000008 jmp 00007F45493BD419h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebx 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F45493BD408h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jmp 00007F45493BD414h 0x0000002f call 00007F45493BD40Eh 0x00000034 call 00007F45493BD40Bh 0x00000039 mov di, AEE6h 0x0000003d pop edx 0x0000003e pop edx 0x0000003f jng 00007F45493BD412h 0x00000045 je 00007F45493BD40Ch 0x0000004b xor edi, 2A846774h 0x00000051 push dword ptr fs:[00000000h] 0x00000058 mov dword ptr [ebp+122D38E4h], ebx 0x0000005e mov dword ptr fs:[00000000h], esp 0x00000065 mov edx, 2B47168Ah 0x0000006a mov dword ptr [ebp+12473692h], esp 0x00000070 mov ecx, ebx 0x00000072 cmp dword ptr [ebp+122D3B92h], 00000000h 0x00000079 jne 00007F45493BD4ABh 0x0000007f ja 00007F45493BD40Ah 0x00000085 mov di, 2600h 0x00000089 mov byte ptr [ebp+122D1C05h], 00000047h 0x00000090 movzx edi, ax 0x00000093 mov eax, D49AA7D2h 0x00000098 mov ecx, edx 0x0000009a nop 0x0000009b pushad 0x0000009c jc 00007F45493BD40Ch 0x000000a2 push eax 0x000000a3 push edx 0x000000a4 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F47FE second address: 10F4803 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4AD3 second address: 10F4AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F45493BD406h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8B2D second address: 10D8B3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11263EC second address: 112640C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F45493BD418h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112640C second address: 1126410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126410 second address: 112641F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112641F second address: 112642E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112642E second address: 1126434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126560 second address: 1126565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126565 second address: 1126596 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007F45493BD406h 0x00000009 pop edx 0x0000000a jmp 00007F45493BD411h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jnp 00007F45493BD406h 0x0000001d popad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126596 second address: 112659F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126715 second address: 1126724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F45493BD408h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126724 second address: 112672A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112672A second address: 1126734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126734 second address: 1126738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126CFA second address: 1126CFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11289CD second address: 11289E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F454889E286h 0x0000000f jc 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FAF3 second address: 112FAF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B3827 second address: 10B383D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F454889E28Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E875 second address: 112E879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E879 second address: 112E8AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 jmp 00007F454889E298h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8AD second address: 112E8B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B2 second address: 112E8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B8 second address: 112E8DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F45493BD406h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 jp 00007F45493BD406h 0x00000018 pop ecx 0x00000019 jnp 00007F45493BD40Ch 0x0000001f jg 00007F45493BD406h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112EE44 second address: 112EE48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F17F second address: 112F183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D1 second address: 112F2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D5 second address: 112F2E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2E1 second address: 112F2E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11333D8 second address: 11333F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F45493BD410h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B0 second address: 11368B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B6 second address: 11368BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368BC second address: 11368DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F454889E293h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B513 second address: 113B519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B519 second address: 113B525 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6CC second address: 113B6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6D4 second address: 113B6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6DC second address: 113B6E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B841 second address: 113B845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B845 second address: 113B849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B849 second address: 113B84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B84F second address: 113B858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B858 second address: 113B862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113C53E second address: 113C544 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F690 second address: 113F695 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F695 second address: 113F6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD40Dh 0x00000009 pop edx 0x0000000a jno 00007F45493BD415h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F45493BD411h 0x00000019 push eax 0x0000001a jmp 00007F45493BD40Fh 0x0000001f jl 00007F45493BD406h 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F6E8 second address: 113F6FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E292h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F885 second address: 113F88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F33 second address: 1146F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F39 second address: 1146F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F3E second address: 1146F66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F454889E28Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F66 second address: 1146F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C116 second address: 114C11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3A1 second address: 114C3BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45493BD410h 0x0000000c jnl 00007F45493BD406h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3BE second address: 114C3CA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F454889E286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3CA second address: 114C3EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD416h 0x00000008 jne 00007F45493BD406h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3EB second address: 114C3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jp 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3FB second address: 114C401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C522 second address: 114C526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4591 second address: 10F45AC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45493BD40Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e ja 00007F45493BD406h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C9BB second address: 114C9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB1D second address: 114CB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a jmp 00007F45493BD411h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB3A second address: 114CB4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F454889E286h 0x0000000d jo 00007F454889E286h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB4D second address: 114CB6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD418h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150F61 second address: 1150F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510C2 second address: 11510D6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F45493BD41Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510D6 second address: 11510FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E28Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F454889E294h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1151527 second address: 115154F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F45493BD40Dh 0x00000013 jmp 00007F45493BD40Ch 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DE8 second address: 1157DEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DEE second address: 1157DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DF4 second address: 1157DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115841B second address: 115842D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F45493BD40Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115872C second address: 1158736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1158736 second address: 115873B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589CB second address: 11589D5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F454889E28Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589D5 second address: 11589F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F45493BD40Ch 0x00000014 jg 00007F45493BD406h 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007F45493BD406h 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589F9 second address: 11589FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0C4 second address: 115E0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0D1 second address: 115E0D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D241 second address: 115D26C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Fh 0x00000007 jno 00007F45493BD406h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F45493BD40Ch 0x00000015 jl 00007F45493BD406h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D26C second address: 115D29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E296h 0x00000009 jmp 00007F454889E292h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D29A second address: 115D2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D2A3 second address: 115D2A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D409 second address: 115D418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 jg 00007F45493BD40Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D695 second address: 115D69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D69B second address: 115D6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F45493BD40Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D831 second address: 115D840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F454889E286h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9BD second address: 115D9CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9CA second address: 115D9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F454889E286h 0x0000000a popad 0x0000000b jmp 00007F454889E28Ch 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9E7 second address: 115D9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9EB second address: 115DA1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d jmp 00007F454889E299h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DB90 second address: 115DBB4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007F45493BD413h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116912D second address: 1169133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169133 second address: 1169137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169137 second address: 1169148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169148 second address: 116917F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F45493BD418h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F45493BD406h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169532 second address: 1169536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169685 second address: 1169698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F45493BD406h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F45493BD406h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169698 second address: 116969C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116969C second address: 11696A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169D38 second address: 1169D3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169EC6 second address: 1169F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F45493BD40Eh 0x0000000b jbe 00007F45493BD406h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD415h 0x0000001b jmp 00007F45493BD415h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CC7 second address: 1168CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CCB second address: 1168CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD1 second address: 1168CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD7 second address: 1168CF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD414h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F45493BD412h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CF9 second address: 1168CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CFF second address: 1168D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jp 00007F45493BD406h 0x0000000b jmp 00007F45493BD417h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168D22 second address: 1168D39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E292h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116E9AA second address: 116E9C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD413h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173495 second address: 11734B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11734B1 second address: 11734DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007F45493BD406h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F45493BD418h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173166 second address: 117316C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117316C second address: 1173191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Ch 0x0000000f jl 00007F45493BD406h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173191 second address: 11731AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 js 00007F454889E286h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F454889E28Bh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11731AD second address: 11731B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118497A second address: 118498E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F454889E28Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11843FD second address: 1184403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184403 second address: 1184407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184407 second address: 118440B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118440B second address: 1184456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F454889E295h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F454889E28Eh 0x00000014 js 00007F454889E29Fh 0x0000001a jmp 00007F454889E297h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186BA8 second address: 1186BB1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186872 second address: 1186888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F454889E28Ah 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186888 second address: 1186890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186890 second address: 11868BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F454889E28Fh 0x0000000f jmp 00007F454889E28Ah 0x00000014 jno 00007F454889E286h 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868BF second address: 11868C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868C8 second address: 11868CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868CC second address: 11868E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD419h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188388 second address: 118838E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118838E second address: 11883C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD416h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C2 second address: 11883C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C6 second address: 11883CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118D084 second address: 118D088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FE0E second address: 118FE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF2 second address: 1195DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF6 second address: 1195DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA20 second address: 119CA24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA24 second address: 119CA2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA2A second address: 119CA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F454889E286h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCE3 second address: 119CCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCF9 second address: 119CCFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCFE second address: 119CD1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CD1F second address: 119CD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a jnc 00007F454889E286h 0x00000010 popad 0x00000011 jmp 00007F454889E297h 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F454889E286h 0x0000001e jmp 00007F454889E292h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE7E second address: 119DE9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE9B second address: 119DEB9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F454889E28Bh 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A2BC0 second address: 11A2BDE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD410h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B5E second address: 11B6B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F454889E297h 0x0000000f jns 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B85 second address: 11B6B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B9A second address: 11B6BB1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F454889E288h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jng 00007F454889E286h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BB1 second address: 11B6BBF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BBF second address: 11B6BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC5 second address: 11B6BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC9 second address: 11B6BE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E290h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BE3 second address: 11B6BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD415h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8724 second address: 11B872A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0804 second address: 11E080E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E080E second address: 11E0838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F454889E2B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F454889E28Ah 0x00000015 jmp 00007F454889E290h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0838 second address: 11E0842 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0842 second address: 11E0846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A89 second address: 11E5A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A8F second address: 11E5B05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e je 00007F454889E288h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 nop 0x00000018 mov edx, dword ptr [ebp+122D3847h] 0x0000001e push 00000004h 0x00000020 movzx edx, cx 0x00000023 call 00007F454889E289h 0x00000028 pushad 0x00000029 jmp 00007F454889E291h 0x0000002e jmp 00007F454889E294h 0x00000033 popad 0x00000034 push eax 0x00000035 jmp 00007F454889E299h 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push edx 0x00000042 pop edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B05 second address: 11E5B2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jno 00007F45493BD406h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B2A second address: 11E5B30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E780F second address: 11E7820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7325 second address: 11E733E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F454889E286h 0x00000008 ja 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jbe 00007F454889E286h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9499 second address: 11E94B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45493BD412h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4B second address: 4B10B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4F second address: 4B10B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B53 second address: 4B10B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B59 second address: 4B10B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B5E second address: 4B10BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F454889E290h 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jns 00007F454889E2F6h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F454889E297h 0x0000001a sbb ecx, 47E3D38Eh 0x00000020 jmp 00007F454889E299h 0x00000025 popfd 0x00000026 jmp 00007F454889E290h 0x0000002b popad 0x0000002c add eax, ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BCE second address: 4B10BD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BD4 second address: 4B10C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f jmp 00007F454889E290h 0x00000014 test eax, eax 0x00000016 pushad 0x00000017 call 00007F454889E28Eh 0x0000001c call 00007F454889E292h 0x00000021 pop ecx 0x00000022 pop ebx 0x00000023 call 00007F454889E290h 0x00000028 mov ax, FA41h 0x0000002c pop ecx 0x0000002d popad 0x0000002e je 00007F45BA6C43A8h 0x00000034 jmp 00007F454889E28Dh 0x00000039 test byte ptr [eax+04h], 00000005h 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F454889E28Dh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F921C second address: 10F922A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F45493BD40Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F53E3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB56C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB810 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1112AB0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10F3B3D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1175650 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 2268	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2912	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2165405758.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166127943.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2165947325.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F35BB0 LdrInitializeThunk,

0_2_00F35BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: aProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
104.102.49.254	steamcommunity.com	United States		16625	AKAMAI-ASUS	true

Contacted Domains

Name	IP	Active
steamcommunity.com	104.102.49.254	true
eaglepawnoy.store	unknown	unknown
bathdoomgaz.store	unknown	unknown
spirittunek.store	unknown	unknown
licendfilteo.site	unknown	unknown
studennotediw.store	unknown	unknown
mobbipenju.store	unknown	unknown
sergei-esenin.com	unknown	unknown
clearancek.site	unknown	unknown
dissapoiznw.store	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
studennotediw.store	true	unknown
dissapoiznw.store	true	unknown
https://steamcommunity.com/profiles/76561199724331900	true	unknown
eaglepawnoy.store	true	unknown
bathdoomgaz.store	true	unknown
clearancek.site	true	unknown
spirittunek.store	true	unknown
licendfilteo.site	true	unknown
mobbipenju.store	true	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://steamcommunity.com:443/profiles/76561199724331900

URL Reputation: Label: malware

Found malware configuration

Source: file.exe.2720.0.memstrmin

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 39%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Sample uses string decryption to hide its real strings

Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: licendfilteo.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: spirittunek.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: bathdoomgaz.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: studennotediw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: dissapoiznw.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: eaglepawnoy.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: mobbipenju.store
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: clearancek.site
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: lid=%s&j=%s&ver=4.0
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: TeslaBrowser/5.5
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Screen Resoluton:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: - Physical Installed Memory:
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: Workgroup: -
Source: 00000000.00000002.2166316128.0000000000EF1000.00000040.00000001.01000000.00000003.sdmp	String decryptor: 4SD0y4--legendaryy

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

Found inlined nop instructions (likely shell or obfuscated code)

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F350FA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00EFD110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F363B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F35700
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F399D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], 27BAF212h	0_2_00F3695B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+04h]	0_2_00EFFCA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-10h]	0_2_00F00EEC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F36094
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then dec ebx	0_2_00F2F030
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, dword ptr [edx]	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1D1E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F042FC
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], ax	0_2_00F12260
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+30h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+14h]	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C274D4CAh	0_2_00F364B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+0Ch]	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F0D457
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx eax, word ptr [esi+ecx]	0_2_00F31440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], 00000000h	0_2_00F0B410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E40C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [ecx+esi+25h]	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F06536
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], 7789B0CBh	0_2_00F37520
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F19510
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1E66A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_00F2B650
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+08h]	0_2_00F367EF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1D7AF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [edi+eax]	0_2_00F37710
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], dx	0_2_00F128E9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_00EF49A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ecx+eax+02h], 0000h	0_2_00F0D961
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 62429966h	0_2_00F33920
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01ACD
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F3285E74h	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+ebx]	0_2_00EF5A50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F01A3C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+04h]	0_2_00F03BE2
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01BEE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00F20B80
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 53F09CFAh	0_2_00F39B60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+000006B8h]	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], F8FD61B8h	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+edx*8+00h], 9ECF05EBh	0_2_00F39CE0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [esi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], C85F7986h	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], ax	0_2_00F1AC91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [eax+esi+02h], 0000h	0_2_00F1EC48
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], A70A987Fh	0_2_00F2FC20
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00F17C00
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F38D8A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [ebp-14h]	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp+1Ch], 5E46585Eh	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [ecx+esi]	0_2_00EF6EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [ebx], 00000000h	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [ebp+00h]	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+40h]	0_2_00F01E93
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F15E70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00F17E60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, word ptr [ecx]	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov edi, ecx	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00F35FD6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [edx], 0000h	0_2_00F0FFDF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+edx*8], F3285E74h	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp ecx	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esi+20h]	0_2_00F06F91
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_00F2FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then jmp eax	0_2_00F19F62

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2056481 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (dissapoiznw .store) : 192.168.2.6:57086 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056483 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (eaglepawnoy .store) : 192.168.2.6:49256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056479 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (studennotediw .store) : 192.168.2.6:51083 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056473 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (licendfilteo .site) : 192.168.2.6:65256 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056471 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (clearancek .site) : 192.168.2.6:54980 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056475 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (spirittunek .store) : 192.168.2.6:58614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056477 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (bathdoomgaz .store) : 192.168.2.6:53835 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2056485 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (mobbipenju .store) : 192.168.2.6:57079 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2858666 - Severity 1 - ETPRO MALWARE Win32/Lumma Stealer Steam Profile Lookup : 192.168.2.6:49710 -> 104.102.49.254:443

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor	URLs: mobbipenju.store
Source: Malware configuration extractor	URLs: dissapoiznw.store
Source: Malware configuration extractor	URLs: clearancek.site
Source: Malware configuration extractor	URLs: spirittunek.store
Source: Malware configuration extractor	URLs: licendfilteo.site
Source: Malware configuration extractor	URLs: eaglepawnoy.store
Source: Malware configuration extractor	URLs: bathdoomgaz.store
Source: Malware configuration extractor	URLs: studennotediw.store

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 104.102.49.254 104.102.49.254

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: AKAMAI-ASUS AKAMAI-ASUS

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Uses a known web browser user agent for HTTP communication

Source: global traffic

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Content-Security-Policydefault-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec8103907e3e99aebe27b; Path=/; Secure; HttpOnly; SameSite=Nonesessionid=d53cd9724c17ac1a847cad24; Path=/; Secure; SameSite=NoneSet-CookienginxServerRetry-AfterProxy-SupportProxy-AuthenticateP3PLocationETagAuthentication-InfoAgeAccept-RangesLast-ModifiedMon, 26 Jul 1997 05:00:00 GMTExpiresContent-RangeContent-MD5Content-LocationContent-LanguageContent-Encodingtext/html; charset=UTF-8Content-Type35741Content-LengthAllowWarningViaUpgradeTransfer-EncodingTrailerPragmaKeep-AliveFri, 25 Oct 2024 14:48:33 GMTDateProxy-ConnectioncloseConnectionno-cacheCache-Control equals www.youtube.com (Youtube)
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://.valvesoftware.com https://.steambeta.net https://.discovery.beta.steamserver.net https://.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clearancek.site
Source: global traffic	DNS traffic detected: DNS query: mobbipenju.store
Source: global traffic	DNS traffic detected: DNS query: eaglepawnoy.store
Source: global traffic	DNS traffic detected: DNS query: dissapoiznw.store
Source: global traffic	DNS traffic detected: DNS query: studennotediw.store
Source: global traffic	DNS traffic detected: DNS query: bathdoomgaz.store
Source: global traffic	DNS traffic detected: DNS query: spirittunek.store
Source: global traffic	DNS traffic detected: DNS query: licendfilteo.site
Source: global traffic	DNS traffic detected: DNS query: steamcommunity.com
Source: global traffic	DNS traffic detected: DNS query: sergei-esenin.com

Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://127.0.0.1:27060
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/account/cookiepreferences/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.valvesoftware.com/legal.htm
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A79000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.s
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8d
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://avatars.cloudflare.steamstatic.com/fef49e7fa7e1997310d705b2a6158ff8dc1cdfeb_full.jpg
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bathdoomgaz.store:443/apiz
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://broadcast.st.dl.eccdnx.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://checkout.steampowered.com/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://clearancek.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/applications/community/main.css?v=ljhW-PbGuX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/globalv2.css?v=pwVcIAtHNXwg&l=english&am
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/promo/summer2017/stickers.css?v=bZKSp7oNwVPK
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/header.css?v=vh4BMeDcNiCU&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/modalContent.css?v=.VpiwkLAYt9r1&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/css/skin_1/profilev2.css?v=gNE3gksLVEVa&l=en
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/arrowDn9x5.gif
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/images/skin_1/footerLogo_valve.png?v=1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/libraries~b28b
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/main.js?v=W9BX
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A78000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/applications/community/manifest.js?v=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/global.js?v=bOP7RorZq4_W&l=englis
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/jquery-1.11.1.min.js?v=.isFTSRckeNhC&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalContent.js?v=UuGFpt56D9L4&l=
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/modalv2.js?v=dfMhuy-Lrpyo&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/profile.js?v=KkhJqW2NGKiM&l=engli
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/promo/stickers.js?v=GfA42_x2_aub&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/prototype-1.7.js?v=.55t44gwuwgvw&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/reportedcontent.js?v=dAtjbcZMWhSe&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/scriptaculous/_combined.js?v=OeNIgrpE
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/javascript/webui/clientcom.js?v=qYlgdgWOD4Ng&amp
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/buttons.css?v=tuNiaSwXwcYT&l=engl
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/motiva_sans.css?v=GfSjbGKcNYaQ&l=
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_global.css?v=Ff_1prscqzeu&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/css/shared_responsive.css?v=eghn9DNyCY67&
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/header/logo_steam.svg?t=962016
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_logo.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/header_menu_hamburger.p
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/images/responsive/logo_valve_footer.png
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/auth_refresh.js?v=WgUxSlKTb3W1
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_global.js?v=wJD9maDpDcV
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/shared_responsive_adapter.js?v
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://community.cloudflare.steamstatic.com/public/shared/javascript/tooltip.js?v=.zYHOpI1L3Rt0&amp
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://eaglepawnoy.store:443/apiS
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://help.steampowered.com/en/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://licendfilteo.site:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://login.steampowered.com/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://lv.queniujq.cn
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://medal.tv
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://player.vimeo.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://recaptcha.net/recaptcha/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://s.ytimg.com;
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/
Source: file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/api
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com/t
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sergei-esenin.com:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://sketchfab.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steam.tv/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast-test.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcast.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steambroadcastchat.akamaized.net
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/?subsection=broadcasts
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/discussions/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/linkfilter/?u=http%3A%2F%2Fwww.geonames.org
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/login/home/?goto=profiles%2F76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/market/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/my/wishlist/
Source: file.exe, 00000000.00000002.2166053911.0000000000A90000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/badges
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/76561199724331900/inventory/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/workshop/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com:443/profiles/76561199724331900
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/
Source: file.exe, 00000000.00000002.2166147480.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165518814.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165206841.0000000000AC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/;Persistent-AuthWWW-AuthenticateVarysteamCountry=US%7C42cb6563c5fec81
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/about/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/explore/
Source: file.exe, 00000000.00000002.2166196865.0000000000B09000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2165947325.0000000000A75000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/legal/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/mobile
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/news/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/points/shop/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/privacy_agreement/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/stats/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/steam_refunds/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://store.steampowered.com/subscriber_agreement/
Source: file.exe, 00000000.00000002.2166053911.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A7E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://studennotediw.store:443/api
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.cn/recaptcha/
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.gstatic.com/recaptcha/
Source: file.exe, 00000000.00000003.2165386906.0000000000B01000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.valvesoftware.com/en/contact?contact-person=Translation%20Team%20Feedback
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com
Source: file.exe, 00000000.00000003.2165185513.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710

Source: unknown

HTTPS traffic detected: 104.102.49.254:443 -> 192.168.2.6:49710 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F00228	0_2_00F00228
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F3A0D0	0_2_00F3A0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD	0_2_00F7E0AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34040	0_2_00F34040
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F02030	0_2_00F02030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022	0_2_00F8A022
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1	0_2_010B21E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF1000	0_2_00EF1000
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF71F0	0_2_00EF71F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFE1A0	0_2_00EFE1A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF5160	0_2_00EF5160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF12F7	0_2_00EF12F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F282D0	0_2_00F282D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F212D0	0_2_00F212D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F223E0	0_2_00F223E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF13A3	0_2_00EF13A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFB3A0	0_2_00EFB3A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010752E4	0_2_010752E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA300	0_2_00EFA300
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F264F0	0_2_00F264F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0049B	0_2_00F0049B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04487	0_2_00F04487
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1C470	0_2_00F1C470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0C5F0	0_2_00F0C5F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FB25BB	0_2_00FB25BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF35B0	0_2_00EF35B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8590	0_2_00EF8590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0106548C	0_2_0106548C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BC4DA	0_2_010BC4DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F386F0	0_2_00F386F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B9728	0_2_010B9728
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF164F	0_2_00EF164F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38652	0_2_00F38652
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2F620	0_2_00F2F620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2B8C0	0_2_00F2B8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F2E8A0	0_2_00F2E8A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F21860	0_2_00F21860
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFA850	0_2_00EFA850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AF9CC	0_2_010AF9CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F389A0	0_2_00F389A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B5858	0_2_010B5858
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1098B	0_2_00F1098B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37AB0	0_2_00F37AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38A80	0_2_00F38A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0102EB83	0_2_0102EB83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0107EB99	0_2_0107EB99
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F34A40	0_2_00F34A40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF7BF0	0_2_00EF7BF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010ADA3C	0_2_010ADA3C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010BAA65	0_2_010BAA65
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F0DB6F	0_2_00F0DB6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01088AE1	0_2_01088AE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1CCD0	0_2_00F1CCD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F36CBF	0_2_00F36CBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38C02	0_2_00F38C02
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B3C4B	0_2_010B3C4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F18D62	0_2_00F18D62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010AECA7	0_2_010AECA7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1DD29	0_2_00F1DD29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1FD10	0_2_00F1FD10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F06EBF	0_2_00F06EBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFBEB0	0_2_00EFBEB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F38E70	0_2_00F38E70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F1AE57	0_2_00F1AE57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F04E2A	0_2_00F04E2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00FCBE00	0_2_00FCBE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F37FC0	0_2_00F37FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EF8FD0	0_2_00EF8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00EFAF10	0_2_00EFAF10

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00F0D300 appears 152 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00EFCAA0 appears 48 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ZLIB complexity 0.9996261344884488

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@10/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F28220 CoCreateInstance,

0_2_00F28220

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 39%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNe

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 2931712 > 1048576

Source: file.exe

Static PE information: Raw size of yzbnnslb is bigger than: 0x100000 < 0x2a2600

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.ef0000.0.unpack :EW;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W;yzbnnslb:EW;jnfhazfa:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x2d7de2 should be: 0x2d01b1

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name: yzbnnslb
Source: file.exe	Static PE information: section name: jnfhazfa
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push 290636B3h; mov dword ptr [esp], eax	0_2_01197A04
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_01197108 push eax; mov dword ptr [esp], 64E341B7h	0_2_01197A10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 1ADA531Ch; mov dword ptr [esp], ebp	0_2_00F7E21E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push eax; mov dword ptr [esp], 3533EDE3h	0_2_00F7E22D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F7E0AD push 2AA7E394h; mov dword ptr [esp], esi	0_2_00F7E28E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push ebx; mov dword ptr [esp], eax	0_2_011F31FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 31007003h; mov dword ptr [esp], eax	0_2_011F3289
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_011F319B push 088F1CBDh; mov dword ptr [esp], eax	0_2_011F32A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 680895CDh; mov dword ptr [esp], edx	0_2_0113B1BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push ebp; mov dword ptr [esp], 04D332C9h	0_2_0113B249
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0113B188 push 28AE0C7Ah; mov dword ptr [esp], ecx	0_2_0113B274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], esp	0_2_00F8A066
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push ebp; mov dword ptr [esp], ebx	0_2_00F8A09B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push edx; mov dword ptr [esp], edi	0_2_00F8A0DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 4FCF42E9h; mov dword ptr [esp], ecx	0_2_00F8A173
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push eax; mov dword ptr [esp], edi	0_2_00F8A205
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00F8A022 push 1791AD5Fh; mov dword ptr [esp], ebx	0_2_00F8A239
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 7FC7FD77h; mov dword ptr [esp], eax	0_2_010B21EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 1D5742C1h; mov dword ptr [esp], esp	0_2_010B21F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], eax	0_2_010B227B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push esi; mov dword ptr [esp], edx	0_2_010B22D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebp; mov dword ptr [esp], esi	0_2_010B2335
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ebx; mov dword ptr [esp], edi	0_2_010B2375
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 126E0B13h; mov dword ptr [esp], ebx	0_2_010B23B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edx; mov dword ptr [esp], ecx	0_2_010B23C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 59751F7Ah; mov dword ptr [esp], edx	0_2_010B23E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], 55F517A8h	0_2_010B240E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], edx	0_2_010B242B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push edi; mov dword ptr [esp], ecx	0_2_010B2432
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push ecx; mov dword ptr [esp], esi	0_2_010B2436
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_010B21E1 push 30A72E01h; mov dword ptr [esp], esi	0_2_010B246B

Source: file.exe

Static PE information: section name: entropy: 7.984920165696558

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Malware Analysis System Evasion

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C23BF second address: 10C23DE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F454889E297h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C144F second address: 10C1455 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1703 second address: 10C1711 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F454889E286h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C1 second address: 10C18C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18C8 second address: 10C18D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jno 00007F454889E286h 0x0000000c popad 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C18D8 second address: 10C18DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A0D second address: 10C1A13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C1A13 second address: 10C1A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F45493BD410h 0x0000000e ja 00007F45493BD406h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3513 second address: 10C351A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C351A second address: 10C3527 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3527 second address: 10C352B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35B7 second address: 10C35EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 popad 0x0000000a jo 00007F45493BD408h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD40Eh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C35EC second address: 10C36AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F454889E299h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c and edi, dword ptr [ebp+122D1CF0h] 0x00000012 jmp 00007F454889E28Ah 0x00000017 push 00000000h 0x00000019 push 00000000h 0x0000001b push edx 0x0000001c call 00007F454889E288h 0x00000021 pop edx 0x00000022 mov dword ptr [esp+04h], edx 0x00000026 add dword ptr [esp+04h], 00000018h 0x0000002e inc edx 0x0000002f push edx 0x00000030 ret 0x00000031 pop edx 0x00000032 ret 0x00000033 push 476BE9B4h 0x00000038 jmp 00007F454889E28Fh 0x0000003d xor dword ptr [esp], 476BE934h 0x00000044 mov ecx, edi 0x00000046 push 00000003h 0x00000048 movsx edx, cx 0x0000004b mov dword ptr [ebp+122D23E4h], ecx 0x00000051 push 00000000h 0x00000053 push 00000000h 0x00000055 push ebp 0x00000056 call 00007F454889E288h 0x0000005b pop ebp 0x0000005c mov dword ptr [esp+04h], ebp 0x00000060 add dword ptr [esp+04h], 00000017h 0x00000068 inc ebp 0x00000069 push ebp 0x0000006a ret 0x0000006b pop ebp 0x0000006c ret 0x0000006d mov edi, dword ptr [ebp+122D235Eh] 0x00000073 push 00000003h 0x00000075 mov ecx, dword ptr [ebp+122D38CDh] 0x0000007b call 00007F454889E289h 0x00000080 je 00007F454889E294h 0x00000086 push eax 0x00000087 push edx 0x00000088 jc 00007F454889E286h 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36AC second address: 10C36C9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F45493BD40Eh 0x0000000d jns 00007F45493BD408h 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push edx 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C36C9 second address: 10C372A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 je 00007F454889E288h 0x0000000f pushad 0x00000010 popad 0x00000011 push esi 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 popad 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a jmp 00007F454889E293h 0x0000001f pop eax 0x00000020 call 00007F454889E28Bh 0x00000025 mov edx, 1ADA99C6h 0x0000002a pop edx 0x0000002b lea ebx, dword ptr [ebp+12443471h] 0x00000031 mov edi, 457C0031h 0x00000036 xchg eax, ebx 0x00000037 jmp 00007F454889E290h 0x0000003c push eax 0x0000003d pushad 0x0000003e push eax 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C372A second address: 10C372E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3876 second address: 10C38A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F454889E28Eh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38A0 second address: 10C38B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD410h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B4 second address: 10C38B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C38B8 second address: 10C390F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b jng 00007F45493BD408h 0x00000011 pushad 0x00000012 popad 0x00000013 jc 00007F45493BD416h 0x00000019 jmp 00007F45493BD410h 0x0000001e popad 0x0000001f mov dword ptr [esp+04h], eax 0x00000023 jmp 00007F45493BD412h 0x00000028 pop eax 0x00000029 mov edi, dword ptr [ebp+122D3C66h] 0x0000002f lea ebx, dword ptr [ebp+1244347Ah] 0x00000035 mov si, di 0x00000038 push eax 0x00000039 pushad 0x0000003a pushad 0x0000003b push ebx 0x0000003c pop ebx 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C390F second address: 10C3918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39D1 second address: 10C39E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C39E8 second address: 10C3A1D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E297h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F454889E28Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007F454889E286h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A1D second address: 10C3A2E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A2E second address: 10C3A32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3A32 second address: 10C3A3C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D6627 second address: 10D662B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D662B second address: 10D6631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA574 second address: 10BA595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F454889E298h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BA595 second address: 10BA59B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3295 second address: 10E329B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E329B second address: 10E32B3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jbe 00007F45493BD406h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E32B3 second address: 10E32BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35F8 second address: 10E35FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E35FC second address: 10E3602 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3756 second address: 10E375C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E38E9 second address: 10E3953 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jmp 00007F454889E290h 0x00000011 jg 00007F454889E286h 0x00000017 jmp 00007F454889E28Ch 0x0000001c popad 0x0000001d pop edi 0x0000001e pushad 0x0000001f jl 00007F454889E296h 0x00000025 pushad 0x00000026 popad 0x00000027 jmp 00007F454889E28Eh 0x0000002c push eax 0x0000002d push edx 0x0000002e jc 00007F454889E286h 0x00000034 jmp 00007F454889E28Ch 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AB2 second address: 10E3AC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F45493BD406h 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3AC0 second address: 10E3ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E295h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C5A second address: 10E3C62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C62 second address: 10E3C66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C66 second address: 10E3C72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F45493BD406h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C72 second address: 10E3C7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 jns 00007F454889E286h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E3C7E second address: 10E3C91 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F45493BD406h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4059 second address: 10E405D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E405D second address: 10E406F instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jns 00007F45493BD412h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E406F second address: 10E4081 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F454889E286h 0x0000000a jo 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45A8 second address: 10E45D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 jg 00007F45493BD406h 0x0000000f popad 0x00000010 jnc 00007F45493BD40Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D4 second address: 10E45D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E45D8 second address: 10E45F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F45493BD413h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push ebx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4C06 second address: 10E4C0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DE6 second address: 10E4DEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DEA second address: 10E4DF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF0 second address: 10E4DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4DF6 second address: 10E4DFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F3A second address: 10E4F40 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F40 second address: 10E4F54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F454889E28Ch 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E4F54 second address: 10E4F61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E50EF second address: 10E50F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7D2 second address: 10AE7DC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7DC second address: 10AE7E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10AE7E2 second address: 10AE7E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7AB second address: 10EB7B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EB7B1 second address: 10EB7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB48 second address: 10EFB4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFB4C second address: 10EFB5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCCF second address: 10EFCF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F454889E286h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F454889E28Dh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F454889E2A2h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10EFCF3 second address: 10EFD25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 jmp 00007F45493BD418h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F0048 second address: 10F0058 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jo 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F01A6 second address: 10F01AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1A9A second address: 10F1AA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AA0 second address: 10F1AAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AAA second address: 10F1AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F454889E28Dh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AC4 second address: 10F1AD7 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AD7 second address: 10F1AE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F1AE4 second address: 10F1AE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66C7 second address: 10F66CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66CB second address: 10F66EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F66EA second address: 10F6713 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b push eax 0x0000000c push eax 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop eax 0x00000010 pop eax 0x00000011 mov eax, dword ptr [eax] 0x00000013 jmp 00007F454889E28Ch 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c push eax 0x0000001d pushad 0x0000001e pushad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6713 second address: 10F673A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 mov esi, dword ptr [ebp+122D3ABAh] 0x0000000d push F656D5B4h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD411h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F673A second address: 10F6740 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6ADE second address: 10F6AE4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F6BAA second address: 10F6BB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F759D second address: 10F75A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F75A1 second address: 10F75B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E291h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F76DC second address: 10F7707 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F45493BD40Ch 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jc 00007F45493BD412h 0x00000014 jmp 00007F45493BD40Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b push ebx 0x0000001c pop ebx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F78B2 second address: 10F78BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F79A2 second address: 10F79A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F8655 second address: 10F8659 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F9885 second address: 10F98FA instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b nop 0x0000000c jbe 00007F45493BD40Ch 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F45493BD408h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F45493BD408h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jmp 00007F45493BD417h 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F98FA second address: 10F9904 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACC8 second address: 10FACDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD40Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FACDC second address: 10FACE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDE3 second address: 10FCDFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD414h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FCDFC second address: 10FCE01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120B second address: 110120F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110120F second address: 1101215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1101215 second address: 1101232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F45493BD419h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110215E second address: 1102165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110144A second address: 1101467 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102165 second address: 11021A7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov ebx, dword ptr [ebp+122D235Eh] 0x00000011 push 00000000h 0x00000013 mov ebx, edi 0x00000015 mov bx, ax 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push ebx 0x0000001d call 00007F454889E288h 0x00000022 pop ebx 0x00000023 mov dword ptr [esp+04h], ebx 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebx 0x00000030 push ebx 0x00000031 ret 0x00000032 pop ebx 0x00000033 ret 0x00000034 push eax 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 push edx 0x0000003a pop edx 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11021A7 second address: 11021AD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B3 second address: 11022B9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11022B9 second address: 11022C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F5D second address: 1103F63 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1103F63 second address: 1103F67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110402F second address: 1104035 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104035 second address: 110405A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jmp 00007F45493BD418h 0x0000000b pop edi 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110405A second address: 1104074 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F454889E293h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104074 second address: 1104078 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F90 second address: 1104F94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104F94 second address: 1104FB4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F45493BD40Ch 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FB4 second address: 1104FBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F454889E286h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104FBE second address: 1104FC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110505D second address: 110506F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F454889E28Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11051E7 second address: 11051EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1107087 second address: 110708B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11061FF second address: 1106206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106206 second address: 110620C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110620C second address: 1106210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106210 second address: 110621F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110621F second address: 1106225 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081B9 second address: 11081BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081BF second address: 11081C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11081C5 second address: 11081C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110831F second address: 1108323 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108323 second address: 1108329 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1108329 second address: 11083D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 mov dword ptr [ebp+1244383Bh], ebx 0x0000002a mov ebx, ecx 0x0000002c push dword ptr fs:[00000000h] 0x00000033 pushad 0x00000034 mov dword ptr [ebp+122D35DBh], ecx 0x0000003a clc 0x0000003b popad 0x0000003c mov dword ptr fs:[00000000h], esp 0x00000043 push eax 0x00000044 mov dword ptr [ebp+122D1EA3h], edx 0x0000004a pop ebx 0x0000004b mov eax, dword ptr [ebp+122D0885h] 0x00000051 mov ebx, dword ptr [ebp+12450943h] 0x00000057 push FFFFFFFFh 0x00000059 push 00000000h 0x0000005b push esi 0x0000005c call 00007F45493BD408h 0x00000061 pop esi 0x00000062 mov dword ptr [esp+04h], esi 0x00000066 add dword ptr [esp+04h], 0000001Dh 0x0000006e inc esi 0x0000006f push esi 0x00000070 ret 0x00000071 pop esi 0x00000072 ret 0x00000073 mov dword ptr [ebp+122DBBC4h], edi 0x00000079 mov ebx, dword ptr [ebp+122D1D3Ah] 0x0000007f nop 0x00000080 jl 00007F45493BD414h 0x00000086 push eax 0x00000087 push edx 0x00000088 pushad 0x00000089 popad 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11083D3 second address: 11083D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2B6 second address: 110A2BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A2BA second address: 110A2CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jne 00007F454889E286h 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B2FF second address: 110B305 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B305 second address: 110B375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c sub edi, dword ptr [ebp+122D3B1Ah] 0x00000012 mov bh, 31h 0x00000014 push 00000000h 0x00000016 mov ebx, dword ptr [ebp+122D3D02h] 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push ebp 0x00000021 call 00007F454889E288h 0x00000026 pop ebp 0x00000027 mov dword ptr [esp+04h], ebp 0x0000002b add dword ptr [esp+04h], 00000014h 0x00000033 inc ebp 0x00000034 push ebp 0x00000035 ret 0x00000036 pop ebp 0x00000037 ret 0x00000038 clc 0x00000039 xchg eax, esi 0x0000003a jmp 00007F454889E299h 0x0000003f push eax 0x00000040 pushad 0x00000041 jp 00007F454889E28Ch 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C31D second address: 110C321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C321 second address: 110C325 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C325 second address: 110C3AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ecx 0x0000000d call 00007F45493BD408h 0x00000012 pop ecx 0x00000013 mov dword ptr [esp+04h], ecx 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc ecx 0x00000020 push ecx 0x00000021 ret 0x00000022 pop ecx 0x00000023 ret 0x00000024 jbe 00007F45493BD40Ah 0x0000002a mov di, 5D74h 0x0000002e push 00000000h 0x00000030 mov bx, 0E2Eh 0x00000034 push ecx 0x00000035 mov di, dx 0x00000038 pop ebx 0x00000039 push 00000000h 0x0000003b push 00000000h 0x0000003d push ecx 0x0000003e call 00007F45493BD408h 0x00000043 pop ecx 0x00000044 mov dword ptr [esp+04h], ecx 0x00000048 add dword ptr [esp+04h], 0000001Bh 0x00000050 inc ecx 0x00000051 push ecx 0x00000052 ret 0x00000053 pop ecx 0x00000054 ret 0x00000055 mov edi, 17A76A6Dh 0x0000005a xchg eax, esi 0x0000005b push eax 0x0000005c push edx 0x0000005d push esi 0x0000005e jmp 00007F45493BD419h 0x00000063 pop esi 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110A49F second address: 110A4A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11093FD second address: 110940A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110940A second address: 11094A5 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Ch 0x00000008 js 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 mov bx, di 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ecx 0x0000001e call 00007F454889E288h 0x00000023 pop ecx 0x00000024 mov dword ptr [esp+04h], ecx 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ecx 0x00000031 push ecx 0x00000032 ret 0x00000033 pop ecx 0x00000034 ret 0x00000035 mov dword ptr [ebp+122D1D5Eh], edx 0x0000003b mov dword ptr fs:[00000000h], esp 0x00000042 mov ebx, edx 0x00000044 mov eax, dword ptr [ebp+122D0689h] 0x0000004a mov dword ptr [ebp+12448CE6h], edi 0x00000050 push FFFFFFFFh 0x00000052 push 00000000h 0x00000054 push ebx 0x00000055 call 00007F454889E288h 0x0000005a pop ebx 0x0000005b mov dword ptr [esp+04h], ebx 0x0000005f add dword ptr [esp+04h], 0000001Ah 0x00000067 inc ebx 0x00000068 push ebx 0x00000069 ret 0x0000006a pop ebx 0x0000006b ret 0x0000006c mov dword ptr [ebp+122D1D01h], ecx 0x00000072 mov edi, dword ptr [ebp+122D3BC6h] 0x00000078 nop 0x00000079 jnl 00007F454889E28Eh 0x0000007f push eax 0x00000080 push eax 0x00000081 push edx 0x00000082 push ecx 0x00000083 pushad 0x00000084 popad 0x00000085 pop ecx 0x00000086 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110B4AF second address: 110B4B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C523 second address: 110C533 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C533 second address: 110C538 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110C5E0 second address: 110C5F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105CD second address: 11105D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11105D2 second address: 11105D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F702 second address: 110F7B4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F45493BD408h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub bx, 16EFh 0x00000014 push dword ptr fs:[00000000h] 0x0000001b xor dword ptr [ebp+122D1D01h], ecx 0x00000021 mov dword ptr fs:[00000000h], esp 0x00000028 push 00000000h 0x0000002a push esi 0x0000002b call 00007F45493BD408h 0x00000030 pop esi 0x00000031 mov dword ptr [esp+04h], esi 0x00000035 add dword ptr [esp+04h], 0000001Dh 0x0000003d inc esi 0x0000003e push esi 0x0000003f ret 0x00000040 pop esi 0x00000041 ret 0x00000042 call 00007F45493BD40Fh 0x00000047 mov ebx, dword ptr [ebp+122D235Ah] 0x0000004d pop edi 0x0000004e mov eax, dword ptr [ebp+122D1691h] 0x00000054 pushad 0x00000055 mov dword ptr [ebp+122D1E17h], ecx 0x0000005b mov dword ptr [ebp+122D2A88h], esi 0x00000061 popad 0x00000062 sub edi, dword ptr [ebp+122D3C56h] 0x00000068 push FFFFFFFFh 0x0000006a push 00000000h 0x0000006c push ebp 0x0000006d call 00007F45493BD408h 0x00000072 pop ebp 0x00000073 mov dword ptr [esp+04h], ebp 0x00000077 add dword ptr [esp+04h], 00000018h 0x0000007f inc ebp 0x00000080 push ebp 0x00000081 ret 0x00000082 pop ebp 0x00000083 ret 0x00000084 push eax 0x00000085 push eax 0x00000086 push edx 0x00000087 push eax 0x00000088 push edx 0x00000089 jmp 00007F45493BD40Eh 0x0000008e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110F7B4 second address: 110F7BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106EC second address: 11106F2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F2 second address: 11106F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106F8 second address: 11106FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11106FC second address: 1110717 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jc 00007F454889E28Ch 0x00000015 jl 00007F454889E286h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1110717 second address: 11107D3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD408h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b pushad 0x0000000c jbe 00007F45493BD407h 0x00000012 clc 0x00000013 add bx, AA0Ah 0x00000018 popad 0x00000019 push dword ptr fs:[00000000h] 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F45493BD408h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000019h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a call 00007F45493BD411h 0x0000003f mov edi, 09F01A72h 0x00000044 pop ebx 0x00000045 movzx edi, ax 0x00000048 mov dword ptr fs:[00000000h], esp 0x0000004f call 00007F45493BD40Eh 0x00000054 jmp 00007F45493BD40Ch 0x00000059 pop ebx 0x0000005a mov eax, dword ptr [ebp+122D0811h] 0x00000060 mov dword ptr [ebp+122D23EAh], ebx 0x00000066 push FFFFFFFFh 0x00000068 movsx edi, cx 0x0000006b nop 0x0000006c jmp 00007F45493BD419h 0x00000071 push eax 0x00000072 pushad 0x00000073 jbe 00007F45493BD40Ch 0x00000079 jl 00007F45493BD406h 0x0000007f push eax 0x00000080 push edx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11107D3 second address: 11107D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A40 second address: 1112A5B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1112A5B second address: 1112A62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B6E49 second address: 10B6E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F45493BD406h 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ECA second address: 1116ED1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116ED1 second address: 1116EF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Bh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1116EF0 second address: 1116F02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jnl 00007F454889E286h 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111730B second address: 1117317 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117317 second address: 111731D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111731D second address: 1117323 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117323 second address: 1117329 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1117329 second address: 111733B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111733B second address: 111735A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F454889E28Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007F454889E286h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D65F second address: 111D665 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D665 second address: 111D669 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D669 second address: 111D692 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD417h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jl 00007F45493BD410h 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7DE second address: 111D7F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pushad 0x0000000f popad 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D7F6 second address: 111D818 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D818 second address: 111D81D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 111D81D second address: 111D822 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121BCF second address: 1121BEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E293h 0x00000007 jl 00007F454889E28Eh 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1121E9C second address: 1121EB9 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD412h 0x00000008 pushad 0x00000009 jl 00007F45493BD406h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A1C second address: 10B8A28 instructions: 0x00000000 rdtsc 0x00000002 je 00007F454889E286h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B8A28 second address: 10B8A42 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 jmp 00007F45493BD411h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260B3 second address: 11260C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C2 second address: 11260C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11260C8 second address: 11260DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 js 00007F454889E292h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A88 second address: 10F3A8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A8C second address: 10F3A92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F3A92 second address: 10F3B71 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F45493BD41Fh 0x00000008 jmp 00007F45493BD419h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f xchg eax, ebx 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F45493BD408h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jmp 00007F45493BD414h 0x0000002f call 00007F45493BD40Eh 0x00000034 call 00007F45493BD40Bh 0x00000039 mov di, AEE6h 0x0000003d pop edx 0x0000003e pop edx 0x0000003f jng 00007F45493BD412h 0x00000045 je 00007F45493BD40Ch 0x0000004b xor edi, 2A846774h 0x00000051 push dword ptr fs:[00000000h] 0x00000058 mov dword ptr [ebp+122D38E4h], ebx 0x0000005e mov dword ptr fs:[00000000h], esp 0x00000065 mov edx, 2B47168Ah 0x0000006a mov dword ptr [ebp+12473692h], esp 0x00000070 mov ecx, ebx 0x00000072 cmp dword ptr [ebp+122D3B92h], 00000000h 0x00000079 jne 00007F45493BD4ABh 0x0000007f ja 00007F45493BD40Ah 0x00000085 mov di, 2600h 0x00000089 mov byte ptr [ebp+122D1C05h], 00000047h 0x00000090 movzx edi, ax 0x00000093 mov eax, D49AA7D2h 0x00000098 mov ecx, edx 0x0000009a nop 0x0000009b pushad 0x0000009c jc 00007F45493BD40Ch 0x000000a2 push eax 0x000000a3 push edx 0x000000a4 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F47FE second address: 10F4803 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4AD3 second address: 10F4AE1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F45493BD406h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D8B2D second address: 10D8B3C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11263EC second address: 112640C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F45493BD418h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112640C second address: 1126410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126410 second address: 112641F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112641F second address: 112642E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112642E second address: 1126434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126560 second address: 1126565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126565 second address: 1126596 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jl 00007F45493BD406h 0x00000009 pop edx 0x0000000a jmp 00007F45493BD411h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jnp 00007F45493BD406h 0x0000001d popad 0x0000001e pushad 0x0000001f pushad 0x00000020 popad 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126596 second address: 112659F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126715 second address: 1126724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F45493BD408h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126724 second address: 112672A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112672A second address: 1126734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126734 second address: 1126738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1126CFA second address: 1126CFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11289CD second address: 11289E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 jng 00007F454889E286h 0x0000000f jc 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112FAF3 second address: 112FAF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B3827 second address: 10B383D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F454889E28Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E875 second address: 112E879 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E879 second address: 112E8AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 jmp 00007F454889E298h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8AD second address: 112E8B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B2 second address: 112E8B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112E8B8 second address: 112E8DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F45493BD406h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ecx 0x00000012 jp 00007F45493BD406h 0x00000018 pop ecx 0x00000019 jnp 00007F45493BD40Ch 0x0000001f jg 00007F45493BD406h 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112EE44 second address: 112EE48 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F17F second address: 112F183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D1 second address: 112F2D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2D5 second address: 112F2E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edx 0x0000000b pop edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 112F2E1 second address: 112F2E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11333D8 second address: 11333F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F45493BD410h 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B0 second address: 11368B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368B6 second address: 11368BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11368BC second address: 11368DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F454889E293h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 pop eax 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B513 second address: 113B519 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B519 second address: 113B525 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F454889E28Eh 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6CC second address: 113B6D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6D4 second address: 113B6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B6DC second address: 113B6E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B841 second address: 113B845 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B845 second address: 113B849 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B849 second address: 113B84F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B84F second address: 113B858 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113B858 second address: 113B862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113C53E second address: 113C544 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F690 second address: 113F695 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F695 second address: 113F6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD40Dh 0x00000009 pop edx 0x0000000a jno 00007F45493BD415h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F45493BD411h 0x00000019 push eax 0x0000001a jmp 00007F45493BD40Fh 0x0000001f jl 00007F45493BD406h 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F6E8 second address: 113F6FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F454889E292h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 113F885 second address: 113F88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F33 second address: 1146F39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F39 second address: 1146F3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F3E second address: 1146F66 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E296h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F454889E28Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1146F66 second address: 1146F6A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C116 second address: 114C11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3A1 second address: 114C3BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F45493BD410h 0x0000000c jnl 00007F45493BD406h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3BE second address: 114C3CA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jg 00007F454889E286h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3CA second address: 114C3EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD416h 0x00000008 jne 00007F45493BD406h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3EB second address: 114C3FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jp 00007F454889E286h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C3FB second address: 114C401 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C522 second address: 114C526 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F4591 second address: 10F45AC instructions: 0x00000000 rdtsc 0x00000002 jp 00007F45493BD40Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e ja 00007F45493BD406h 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114C9BB second address: 114C9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB1D second address: 114CB3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F45493BD406h 0x0000000a jmp 00007F45493BD411h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB3A second address: 114CB4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F454889E286h 0x0000000d jo 00007F454889E286h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 114CB4D second address: 114CB6B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD418h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1150F61 second address: 1150F65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510C2 second address: 11510D6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F45493BD41Ah 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11510D6 second address: 11510FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E28Eh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F454889E294h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1151527 second address: 115154F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F45493BD40Dh 0x00000013 jmp 00007F45493BD40Ch 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DE8 second address: 1157DEE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DEE second address: 1157DF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1157DF4 second address: 1157DF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115841B second address: 115842D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F45493BD40Dh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115872C second address: 1158736 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1158736 second address: 115873B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589CB second address: 11589D5 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F454889E28Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589D5 second address: 11589F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F45493BD40Ch 0x00000014 jg 00007F45493BD406h 0x0000001a push eax 0x0000001b push edx 0x0000001c je 00007F45493BD406h 0x00000022 push ecx 0x00000023 pop ecx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11589F9 second address: 11589FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0C4 second address: 115E0D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115E0D1 second address: 115E0D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D241 second address: 115D26C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Fh 0x00000007 jno 00007F45493BD406h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F45493BD40Ch 0x00000015 jl 00007F45493BD406h 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D26C second address: 115D29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F454889E296h 0x00000009 jmp 00007F454889E292h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D29A second address: 115D2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D2A3 second address: 115D2A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D409 second address: 115D418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 jg 00007F45493BD40Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D695 second address: 115D69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D69B second address: 115D6B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F45493BD40Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D831 second address: 115D840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F454889E286h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9BD second address: 115D9CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edi 0x00000008 pop edi 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9CA second address: 115D9E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F454889E286h 0x0000000a popad 0x0000000b jmp 00007F454889E28Ch 0x00000010 popad 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9E7 second address: 115D9EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115D9EB second address: 115DA1D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c pop edx 0x0000000d jmp 00007F454889E299h 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 115DB90 second address: 115DBB4 instructions: 0x00000000 rdtsc 0x00000002 je 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e jmp 00007F45493BD413h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116912D second address: 1169133 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169133 second address: 1169137 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169137 second address: 1169148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E28Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169148 second address: 116917F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jl 00007F45493BD418h 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007F45493BD406h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169532 second address: 1169536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169685 second address: 1169698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F45493BD406h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F45493BD406h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169698 second address: 116969C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116969C second address: 11696A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169D38 second address: 1169D3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1169EC6 second address: 1169F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jo 00007F45493BD40Eh 0x0000000b jbe 00007F45493BD406h 0x00000011 push eax 0x00000012 pop eax 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F45493BD415h 0x0000001b jmp 00007F45493BD415h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CC7 second address: 1168CCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CCB second address: 1168CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD1 second address: 1168CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CD7 second address: 1168CF9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD414h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jl 00007F45493BD412h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CF9 second address: 1168CFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168CFF second address: 1168D22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 jp 00007F45493BD406h 0x0000000b jmp 00007F45493BD417h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1168D22 second address: 1168D39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F454889E292h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 116E9AA second address: 116E9C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F45493BD413h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173495 second address: 11734B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E298h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11734B1 second address: 11734DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007F45493BD406h 0x0000000d push esi 0x0000000e pop esi 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F45493BD418h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173166 second address: 117316C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 117316C second address: 1173191 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F45493BD40Ch 0x0000000f jl 00007F45493BD406h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1173191 second address: 11731AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push ecx 0x00000008 js 00007F454889E286h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F454889E28Bh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11731AD second address: 11731B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118497A second address: 118498E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F454889E28Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11843FD second address: 1184403 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184403 second address: 1184407 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1184407 second address: 118440B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118440B second address: 1184456 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F454889E295h 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F454889E28Eh 0x00000014 js 00007F454889E29Fh 0x0000001a jmp 00007F454889E297h 0x0000001f push edi 0x00000020 pop edi 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186BA8 second address: 1186BB1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186872 second address: 1186888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F454889E28Ah 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186888 second address: 1186890 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1186890 second address: 11868BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F454889E28Fh 0x0000000f jmp 00007F454889E28Ah 0x00000014 jno 00007F454889E286h 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d push ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868BF second address: 11868C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868C8 second address: 11868CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11868CC second address: 11868E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD419h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1188388 second address: 118838E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118838E second address: 11883C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD415h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD416h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C2 second address: 11883C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11883C6 second address: 11883CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118D084 second address: 118D088 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 118FE0E second address: 118FE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF2 second address: 1195DF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1195DF6 second address: 1195DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA20 second address: 119CA24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA24 second address: 119CA2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CA2A second address: 119CA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jo 00007F454889E286h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCE3 second address: 119CCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD411h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCF9 second address: 119CCFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CCFE second address: 119CD1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD416h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119CD1F second address: 119CD61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F454889E286h 0x0000000a jnc 00007F454889E286h 0x00000010 popad 0x00000011 jmp 00007F454889E297h 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F454889E286h 0x0000001e jmp 00007F454889E292h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE7E second address: 119DE9B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD413h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d push esi 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 119DE9B second address: 119DEB9 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F454889E286h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jmp 00007F454889E28Bh 0x00000010 pop edi 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 push ebx 0x00000015 pushad 0x00000016 popad 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11A2BC0 second address: 11A2BDE instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F45493BD410h 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B5E second address: 11B6B85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F454889E297h 0x0000000f jns 00007F454889E286h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B85 second address: 11B6B9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD411h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6B9A second address: 11B6BB1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F454889E288h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 jng 00007F454889E286h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BB1 second address: 11B6BBF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F45493BD406h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BBF second address: 11B6BC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC5 second address: 11B6BC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BC9 second address: 11B6BE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E290h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B6BE3 second address: 11B6BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F45493BD415h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11B8724 second address: 11B872A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0804 second address: 11E080E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F45493BD406h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E080E second address: 11E0838 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F454889E2B6h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F454889E28Ah 0x00000015 jmp 00007F454889E290h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0838 second address: 11E0842 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E0842 second address: 11E0846 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A89 second address: 11E5A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5A8F second address: 11E5B05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d pop ebx 0x0000000e je 00007F454889E288h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 nop 0x00000018 mov edx, dword ptr [ebp+122D3847h] 0x0000001e push 00000004h 0x00000020 movzx edx, cx 0x00000023 call 00007F454889E289h 0x00000028 pushad 0x00000029 jmp 00007F454889E291h 0x0000002e jmp 00007F454889E294h 0x00000033 popad 0x00000034 push eax 0x00000035 jmp 00007F454889E299h 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e push ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push edx 0x00000042 pop edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B05 second address: 11E5B2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD412h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jno 00007F45493BD406h 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E5B2A second address: 11E5B30 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E780F second address: 11E7820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F45493BD40Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E7325 second address: 11E733E instructions: 0x00000000 rdtsc 0x00000002 jng 00007F454889E286h 0x00000008 ja 00007F454889E286h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 jbe 00007F454889E286h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11E9499 second address: 11E94B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F45493BD412h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4B second address: 4B10B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B4F second address: 4B10B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B53 second address: 4B10B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B59 second address: 4B10B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10B5E second address: 4B10BCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F454889E290h 0x00000009 pop ecx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d jns 00007F454889E2F6h 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F454889E297h 0x0000001a sbb ecx, 47E3D38Eh 0x00000020 jmp 00007F454889E299h 0x00000025 popfd 0x00000026 jmp 00007F454889E290h 0x0000002b popad 0x0000002c add eax, ecx 0x0000002e push eax 0x0000002f push edx 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BCE second address: 4B10BD4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B10BD4 second address: 4B10C63 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F454889E294h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax+00000860h] 0x0000000f jmp 00007F454889E290h 0x00000014 test eax, eax 0x00000016 pushad 0x00000017 call 00007F454889E28Eh 0x0000001c call 00007F454889E292h 0x00000021 pop ecx 0x00000022 pop ebx 0x00000023 call 00007F454889E290h 0x00000028 mov ax, FA41h 0x0000002c pop ecx 0x0000002d popad 0x0000002e je 00007F45BA6C43A8h 0x00000034 jmp 00007F454889E28Dh 0x00000039 test byte ptr [eax+04h], 00000005h 0x0000003d push eax 0x0000003e push edx 0x0000003f jmp 00007F454889E28Dh 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10F921C second address: 10F922A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F45493BD40Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: F53E3A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB56C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10EB810 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1112AB0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 10F3B3D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 1175650 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 2268	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 2912	Thread sleep time: -30000s >= -30000s			Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2165405758.0000000000AAC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2165452530.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166127943.0000000000AAD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2166053911.0000000000A9E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2166536577.00000000010C8000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.2165947325.0000000000A3E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00F35BB0 LdrInitializeThunk,

0_2_00F35BB0

HIPS / PFW / Operating System Protection Evasion

LummaC encrypted strings found

Source: file.exe	String found in binary or memory: licendfilteo.site
Source: file.exe	String found in binary or memory: clearancek.site
Source: file.exe	String found in binary or memory: bathdoomgaz.store
Source: file.exe	String found in binary or memory: spirittunek.store
Source: file.exe	String found in binary or memory: dissapoiznw.store
Source: file.exe	String found in binary or memory: studennotediw.store
Source: file.exe	String found in binary or memory: mobbipenju.store
Source: file.exe	String found in binary or memory: eaglepawnoy.store

Source: file.exe, 00000000.00000002.2166811610.0000000001111000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: aProgram Manager

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Stealing of Sensitive Information

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

Remote Access Functionality

Yara detected LummaC Stealer

Source: Yara match

File source: decrypted.memstr, type: MEMORYSTR

ID:	1542212
Product:	CloudBasic
Start time:	16:47:38
Start date:	25.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	f031a66d5204065098bbc0f49e926344
SHA1:	e695a8f3461113fb2e8078f95545d4b1c014a63a
SHA256:	8e51964eeb20bc96f08331b69264cb9c6a341ef7dff93ed81e4576824f599c33
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Compliance

Software Vulnerabilities

Networking

System Summary

Data Obfuscation

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted Domains

Contacted URLs

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by