Windows Analysis Report
file.exe

AV Detection

Source: file.exe

Avira: detected

Source: file.exe.7804.1.memstrmin

Malware Configuration Extractor: LummaC {"C2 url": "https://property-imper.sbs/api", "Build Version": "LOGS11--LiveTraffi"}

Source: file.exe	ReversingLabs: Detection: 44%
Source: file.exe	Virustotal: Detection: 54%			Perma Link

Source: file.exe

Joe Sandbox ML: detected

Phishing

Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon
Source: https://learn.microsoft.com/en-us/dotnet/framework/install/application-not-started?version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0	HTTP Parser: No favicon

Compliance

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49980 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.10:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.10:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.10:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.10:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49983 version: TLS 1.2

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000001.00000003.1645992128.0000000008130000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1736867179.0000000006012000.00000040.00000800.00020000.00000000.sdmp

Networking

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.10:49716 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49716 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2049812 - Severity 1 - ET MALWARE Lumma Stealer Related Activity M2 : 192.168.2.10:49722 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49722 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.10:49755 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.10:49775 -> 172.67.162.84:443

Source: Malware configuration extractor

URLs: https://property-imper.sbs/api

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.18.0 (Ubuntu)Date: Sun, 24 Nov 2024 07:44:05 GMTContent-Type: application/octet-streamContent-Length: 2813440Last-Modified: Sun, 24 Nov 2024 07:16:41 GMTConnection: keep-aliveETag: "6742d2d9-2aee00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 7a 86 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 50 28 2c 65 00 00 00 00 00 00 00 00 e0 00 22 00 0b 01 30 00 00 24 00 00 00 08 00 00 00 00 00 00 00 60 2b 00 00 20 00 00 00 60 00 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 a0 2b 00 00 04 00 00 9c 94 2b 00 02 00 60 00 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 55 80 00 00 69 00 00 00 00 60 00 00 9c 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 81 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 20 20 00 20 20 20 20 00 40 00 00 00 20 00 00 00 12 00 00 00 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 72 73 72 63 00 00 00 9c 05 00 00 00 60 00 00 00 06 00 00 00 32 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 20 20 00 20 00 00 00 80 00 00 00 02 00 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 70 79 70 64 63 69 70 79 00 a0 2a 00 00 a0 00 00 00 8e 2a 00 00 3a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 6d 6b 6a 6e 67 77 70 76 00 20 00 00 00 40 2b 00 00 04 00 00 00 c8 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 2e 74 61 67 67 61 6e 74 00 40 00 00 00 60 2b 00 00 22 00 00 00 cc 2a 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Joe Sandbox View	IP Address: 13.107.246.63 13.107.246.63
Source: Joe Sandbox View	IP Address: 185.215.113.16 185.215.113.16
Source: Joe Sandbox View	IP Address: 172.67.162.84 172.67.162.84

Source: Joe Sandbox View	JA3 fingerprint: 1138de370e523e824bbca92d049a3777
Source: Joe Sandbox View	JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: Joe Sandbox View	JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49716 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49741 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49722 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49748 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49763 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49755 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49730 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.10:49775 -> 172.67.162.84:443
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.10:49781 -> 185.215.113.16:80

Source: unknown

HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49980 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.55
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.85
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 4.175.87.197
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.16

Source: global traffic	HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuLVKpZ2SH8G6f3&MD=MS8COkYs HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule90401v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://learn.microsoft.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /mscc/lib/v2/wcp-consent.js HTTP/1.1Host: wcpstatic.microsoft.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/c/ms.jsll-4.min.js HTTP/1.1Host: js.monitor.azure.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=ZuLVKpZ2SH8G6f3&MD=MS8COkYs HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230104v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230157v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230158v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230162v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230165v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230164v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230167v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230166v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230168v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230169v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230170v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230171v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230172v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230173v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule230174v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /rules/rule226009v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic	HTTP traffic detected: GET /off/def.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Host: 185.215.113.16

Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: href="https://www.facebook.com/sharer/sharer.php?u=${s}" equals www.facebook.com (Facebook)
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: href="https://www.linkedin.com/cws/share?url=${s}" equals www.linkedin.com (Linkedin)
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.facebook.com (Facebook)
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.linkedin.com (Linkedin)
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: </section>`}function Dce(e=tw,t=gp){return sl(M4,e,t)}function $ce(e=aw,t=sw){return sl(t4,e,t)}var vI=(s=>(s.facebook="facebook",s.twitter="twitter",s.linkedin="linkedin",s.email="email",s.weibo="weibo",s))(vI||{}),LRe={facebook:"https://www.facebook.com/sharer/sharer.php?u={url}",twitter:"https://twitter.com/intent/tweet?original_referer={url}&text={achievementCopy}&tw_p=tweetbutton&url={url}",linkedin:"https://www.linkedin.com/feed/?shareActive=true&text={body}",email:"mailto:?subject={subject}&body={body}",weibo:"http://service.weibo.com/share/share.php?title={title}&url={url}"};function $x(e,t,o){let n=encodeURIComponent(t),r=new URL(e);r.hostname="learn.microsoft.com";let s=r.href+=(e.indexOf("?")!==-1?"&":"?")+"WT.mc_id=",i=L.sharingId?`&sharingId=${L.sharingId}`:"";return Object.values(vI).reduce((l,c)=>{if(_.data.isPermissioned)return l[c]="#",l;let d=encodeURIComponent(s+c+i),u=o?.achievementCopyTitle?.overrideTitle??t,p=encodeURIComponent(rQ.replace("{achievementTitle}",o?.achievementCopyTitle?.isUnquoted?`${u}`:`"${u}"`)),g={achievementCopy:p,url:d,title:n,body:`${p}${encodeURIComponent(` equals www.twitter.com (Twitter)

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: js.monitor.azure.com
Source: global traffic	DNS traffic detected: DNS query: mdec.nelreports.net

Source: unknown

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs

Source: file.exe, 00000001.00000002.1730648035.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1646578503.0000000000B62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exe
Source: file.exe, 00000001.00000002.1730486808.00000000008FA000.00000004.00000010.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exepleWebKit/537.36
Source: file.exe, 00000001.00000002.1730648035.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1646578503.0000000000B62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/off/def.exes
Source: file.exe, 00000001.00000002.1730648035.0000000000B15000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1646578503.0000000000B62000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.16/steam/random.exe
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootCA.crt0B
Source: file.exe, 00000001.00000003.1551322569.0000000000B54000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro8
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl07
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: http://polymer.github.io/AUTHORS.txt
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: http://polymer.github.io/CONTRIBUTORS.txt
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: http://polymer.github.io/LICENSE.txt
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: http://polymer.github.io/PATENTS.txt
Source: chromecache_133.8.dr	String found in binary or memory: http://schema.org/Organization
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.c.lencr.org/0
Source: file.exe, 00000001.00000003.1444762763.00000000057E2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://x1.i.lencr.org/0
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://aka.ms/MSIgniteChallenge/Tier1Banner?wt.mc_id=ignite24_learnbanner_tier1_cnl
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://aka.ms/certhelp
Source: chromecache_133.8.dr	String found in binary or memory: https://aka.ms/feedback/report?space=61
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://aka.ms/msignite_docs_banner
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://aka.ms/pshelpmechoose
Source: chromecache_133.8.dr	String found in binary or memory: https://aka.ms/yourcaliforniaprivacychoices
Source: chromecache_133.8.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/69c76c32-967e-4c65-b89a-74cc527db725
Source: chromecache_133.8.dr	String found in binary or memory: https://authoring-docs-microsoft.poolparty.biz/devrel/7696cda6-0510-47f6-8302-71bb5d2e28cf
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://aznb-ame-prod.azureedge.net/component/$
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696497267574.12791&key=1696497267400700002.1&cta
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://channel9.msdn.com/
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://client-api.arkoselabs.com/v2/api.js
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/5b4DH7KHAf2n_mNaLjNi1-UAoKmM9rhqaA9w7FyznHo.10943.jpg
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/Thraka
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/Youssef1313
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/adegeo
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/17c4acca45e573a92878a44a2cce57d699fe9c7c/docs/framework/install/
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/live/docs/framework/install/application-not-started.md
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/dotnet/docs/blob/main/docs/framework/install/application-not-started.md
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/dotnet/docs/issues/new?template=z-customer-feedback.yml
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://github.com/dotnet/try
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/gewarren
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://github.com/jonschlinkert/is-plain-object
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://github.com/js-cookie/js-cookie
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/mairaw
Source: chromecache_133.8.dr	String found in binary or memory: https://github.com/nschonni
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqrfQHr4pbW4ZbWfpbY7ReNxR3UIG8zInwYIFIVs9eYi
Source: chromecache_133.8.dr	String found in binary or memory: https://js.monitor.azure.com/scripts/c/ms.jsll-4.min.js
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://learn-video.azurefd.net/vod/player
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/consoles/default?api-version=2017-12-01-prev
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://management.azure.com/providers/Microsoft.Portal/userSettings/cloudconsole?api-version=2023-0
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://management.azure.com/subscriptions?api-version=2016-06-01
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://octokit.github.io/rest.js/#throttling
Source: file.exe, 00000001.00000003.1419909115.0000000005826000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs//
Source: file.exe, 00000001.00000003.1472386695.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1492199573.0000000000B99000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/J/z
Source: file.exe, file.exe, 00000001.00000003.1472386695.0000000000B99000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1492226874.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1491848187.0000000000B86000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1551248310.0000000000B87000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1512398815.0000000000B7F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1468317163.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000002.1730648035.0000000000B07000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1498393669.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1551346577.0000000000B89000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1386021746.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000001.00000003.1468317163.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiBo
Source: file.exe, 00000001.00000003.1468317163.0000000000B7C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://property-imper.sbs/apiiw
Source: chromecache_125.8.dr	String found in binary or memory: https://schema.org
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.all
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://twitter.com/intent/tweet?original_referer=$
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-09ce73a6-05a5-4e4d-b3d7-bd5a8c05
Source: chromecache_125.8.dr	String found in binary or memory: https://videoencodingpublic-hgeaeyeba8gycee3.b01.azurefd.net/public-b4da8140-92cf-421c-8b7b-e471d5b9
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_15e498ec2b39921665a1fbc954bff40a8106629178eadc64
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000001.00000003.1386903755.00000000057E9000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387284219.00000000057E6000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1387080103.00000000057E6000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: chromecache_113.8.dr, chromecache_125.8.dr	String found in binary or memory: https://www.linkedin.com/cws/share?url=$
Source: file.exe, 00000001.00000003.1468290914.0000000000B98000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.marriott.com/default.mi?utm_source=admarketplace&utm_medium=cpc&utm_campaign=Marriott_Pr
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.d-GHL1OW1fkT
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.sYEKgG4Or0s6
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000001.00000003.1446273528.00000000058DA000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49984
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49982
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49981
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49980
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49979
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49857
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49976
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49975
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49974
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49973
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49972
Source: unknown	Network traffic detected: HTTP traffic on port 50039 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50004 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49848
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49968
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49966
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49964
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49963
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49966 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49989 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50073 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49933 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 49921 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49956
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49954
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 50062 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 49944 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49944
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49922 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 50017 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49980 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 50084 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 50038 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50005 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49979 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49997
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown	Network traffic detected: HTTP traffic on port 50016 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49870
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50027 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown	Network traffic detected: HTTP traffic on port 50013 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50036 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49975 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50060 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50025 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49964 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49999 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49963 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50007
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50009
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50008
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50000
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50003
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50002
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50005
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50004
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49997 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50003 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49987 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50069 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49984 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50022 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50062
Source: unknown	Network traffic detected: HTTP traffic on port 50068 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49996 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50009 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49972 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50087
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50086
Source: unknown	Network traffic detected: HTTP traffic on port 49870 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49974 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50013
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50016
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50021
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50000 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50021 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50039
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49857 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50036
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50038
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50044 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50007 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49981 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50076 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443

Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49707 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49716 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.10:49723 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49730 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.10:49729 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.10:49742 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49748 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49755 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 172.67.162.84:443 -> 192.168.2.10:49775 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49819 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.55:443 -> 192.168.2.10:49832 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 4.175.87.197:443 -> 192.168.2.10:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.107.246.63:443 -> 192.168.2.10:49983 version: TLS 1.2

System Summary

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B74B97		1_3_00B74B97
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72F10		1_3_00B72F10
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72EF5		1_3_00B72EF5
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B72A53		1_3_00B72A53

Source: file.exe, 00000001.00000003.1610805818.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1602638941.0000000005D07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1620513349.0000000005D88000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1619132720.0000000005C53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1616302553.0000000005E90000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1614653932.0000000005C54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1611524399.0000000005C56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600367495.0000000005C52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1618980470.0000000005D75000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1615752641.0000000005D6A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1623476165.0000000005C59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1615163154.0000000005D52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000002.1735914054.00000000057CD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1603019683.0000000005D0C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601631971.0000000005CFB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1610662626.0000000005D37000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609320009.0000000005D3E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1618833572.0000000005C54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608357034.0000000005D18000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1610410514.0000000005C59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1604679221.0000000005DCF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609754756.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1622125516.0000000005D84000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601794088.0000000005DB0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609072732.0000000005C61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1612737524.0000000005E51000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1620043714.0000000005D90000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1616467871.0000000005C54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601309673.0000000005CF5000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601459181.0000000005C57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1646440040.0000000005861000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1611395815.0000000005E2B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1603465760.0000000005C55000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1620945265.0000000005C54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600788102.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1604539534.0000000005D08000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1613019878.0000000005D42000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1614015656.0000000005D61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1611097936.0000000005C53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609933482.0000000005D3D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601928672.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000002.1730648035.0000000000B86000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1625261437.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600453963.00000000058B6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600537778.0000000005C5B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1614394038.0000000005E70000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1619370224.0000000005D7E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1599142661.0000000005CEE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1611246844.0000000005D3A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1615602441.0000000005C60000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608197221.0000000005C52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1613693926.0000000005C53000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1611705906.0000000005D50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1624211751.0000000005D97000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1620337310.0000000005C55000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609466262.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600619028.0000000005CF6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608761046.0000000005D1D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608571513.0000000005C52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1646733544.0000000000B99000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1605322163.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1600957937.0000000005CF8000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1621180254.0000000005D84000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1598970493.00000000058BC000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1598878290.0000000005A52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1623290061.0000000005DAD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1617160392.0000000005C5D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1617889988.0000000005C59000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1624809456.0000000005EDF000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1621438347.0000000005C52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1615378647.0000000005E5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1615918236.0000000005C5A000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1609594253.0000000005D3C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1599047345.0000000005C56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1599259998.00000000058B9000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608915991.0000000005DE7000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1617487328.0000000005D81000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1619650184.0000000005EAB000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1616079908.0000000005D6F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1616842800.0000000005E8F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1625466930.0000000005DAD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000002.1736896286.0000000006016000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1602853199.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1622969589.0000000005C60000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1601185609.0000000005C55000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1619806218.0000000005C54000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1625800508.0000000005DB0000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1612521124.0000000005D50000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1607832828.0000000005D18000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1618403526.0000000005D7B000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1610951263.0000000005D3D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1602374061.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1602172512.0000000005D07000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1613282284.0000000005E3C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1622689614.0000000005ECD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1610254457.0000000005D35000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1610115216.0000000005C57000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1612118870.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1608015442.0000000005DDD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1616610573.0000000005D6C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1614995056.0000000005C56000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1614830189.0000000005D61000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1607329774.0000000005D1D000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1625623192.0000000005C5E000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1612859528.0000000005C52000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000003.1607633650.0000000005C58000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000001.00000002.1736477844.0000000005C5C000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9993148053278689
Source: file.exe	Static PE information: Section: zvmykcec ZLIB complexity 0.9943194403425871

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@24/70@9/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe, 00000001.00000003.1390220404.00000000057BA000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1421030486.00000000057DF000.00000004.00000800.00020000.00000000.sdmp, file.exe, 00000001.00000003.1388283083.00000000057D4000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: file.exe	ReversingLabs: Detection: 44%
Source: file.exe	Virustotal: Detection: 54%

Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe	String found in binary or memory: 3The file %s is missing. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1924,i,5708739163240515119,9735538660646773485,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,13480779338358767381,12639924099947820658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2536 --field-trial-handle=1924,i,5708739163240515119,9735538660646773485,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2036 --field-trial-handle=2008,i,13480779338358767381,12639924099947820658,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.shell.servicehostbuilder.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecoreuapcommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: edputil.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: secur32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mlang.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: policymanager.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp110_win.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: onecorecommonproxystub.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ieframe.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wkscli.dll			Jump to behavior

Source: Google Drive.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.7.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static file information: File size 1905152 > 1048576

Source: file.exe

Static PE information: Raw size of zvmykcec is bigger than: 0x100000 < 0x1a7400

Source:

Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000001.00000003.1645992128.0000000008130000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000001.00000002.1736867179.0000000006012000.00000040.00000800.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 1.2.file.exe.e00000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zvmykcec:EW;moejyldo:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zvmykcec:EW;moejyldo:EW;.taggant:EW;

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1d2b3e should be: 0x1d5056

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: zvmykcec
Source: file.exe	Static PE information: section name: moejyldo
Source: file.exe	Static PE information: section name: .taggant

Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B8D208 push eax; iretd		1_3_00B8D209
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B8CF80 push eax; iretd		1_3_00B8CF81
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B8D280 push eax; iretd		1_3_00B8D281
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B8D5F0 pushad ; retf		1_3_00B8D5F2
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B8CB75 pushad ; retf		1_3_00B8CB81
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7
Source: C:\Users\user\Desktop\file.exe	Code function: 1_3_00B732F4 push esi; retf		1_3_00B732F7

Source: file.exe	Static PE information: section name: entropy: 7.977673528702958
Source: file.exe	Static PE information: section name: zvmykcec entropy: 7.954324471669253

Boot Survival

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS			Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk			Jump to behavior

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe

System information queried: FirmwareTableInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE3876 second address: FE38AC instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1520D32C96h 0x00000008 jmp 00007F1520D32CA2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 jmp 00007F1520D32CA6h 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2860 second address: FE2876 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F15206D4F10h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2876 second address: FE287A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE287A second address: FE2888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jl 00007F15206D4F06h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2888 second address: FE288C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE2BAE second address: FE2BB2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE301B second address: FE3022 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE318F second address: FE3195 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE3195 second address: FE319F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE56F8 second address: FE5728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F19h 0x00000009 popad 0x0000000a jl 00007F15206D4F0Ch 0x00000010 je 00007F15206D4F06h 0x00000016 popad 0x00000017 push eax 0x00000018 push ecx 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE5728 second address: FE573C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a js 00007F1520D32CAFh 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE573C second address: FE5764 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F15206D4F0Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE5764 second address: FE57AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e je 00007F1520D32C9Ah 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov esi, dword ptr [ebp+122D3C17h] 0x0000001f lea ebx, dword ptr [ebp+1245C4F7h] 0x00000025 mov dword ptr [ebp+122D1C20h], edi 0x0000002b xchg eax, ebx 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F1520D32CA6h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FE5888 second address: FE58AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F15206D4F11h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3271 second address: FD3277 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD3277 second address: FD3281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10052CC second address: 10052E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1520D32CA5h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005744 second address: 1005798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F15206D4F06h 0x0000000a popad 0x0000000b jne 00007F15206D4F30h 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 pop edx 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F15206D4F0Eh 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005798 second address: 100579C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100579C second address: 10057AA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10057AA second address: 10057B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10057B0 second address: 10057B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005A01 second address: 1005A06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005D18 second address: 1005D1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1005D1C second address: 1005D20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10060DF second address: 10060F7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F15206D4F0Fh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10060F7 second address: 1006109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1520D32C9Dh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006228 second address: 1006231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006231 second address: 1006235 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006235 second address: 1006264 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 jp 00007F15206D4F06h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 jo 00007F15206D4F17h 0x00000018 jmp 00007F15206D4F11h 0x0000001d push eax 0x0000001e push edx 0x0000001f push edi 0x00000020 pop edi 0x00000021 push eax 0x00000022 pop eax 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10063BC second address: 10063C2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10063C2 second address: 10063E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F15206D4F19h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10063E0 second address: 10063EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F1520D32C96h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FFD7A5 second address: FFD7C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F15206D4F06h 0x0000000a pop esi 0x0000000b popad 0x0000000c pushad 0x0000000d push ecx 0x0000000e jmp 00007F15206D4F0Eh 0x00000013 pop ecx 0x00000014 push ecx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006C75 second address: 1006C83 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006FBD second address: 1006FC9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F15206D4F06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006FC9 second address: 1006FD0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1006FD0 second address: 1006FD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100B512 second address: 100B529 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F1520D32C9Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100A32C second address: 100A343 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F15206D4F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push edx 0x0000000f pop edx 0x00000010 jno 00007F15206D4F06h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100AA18 second address: 100AA27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100AA27 second address: 100AA2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100BE05 second address: 100BE09 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 100BE09 second address: 100BE0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD18F second address: FDD195 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FDD195 second address: FDD1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jno 00007F15206D4F06h 0x0000000e jmp 00007F15206D4F0Bh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 jmp 00007F15206D4F12h 0x0000001b push eax 0x0000001c push edx 0x0000001d push esi 0x0000001e pop esi 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10128F9 second address: 10128FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1012FBD second address: 1012FC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1013160 second address: 101316A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101316A second address: 101317A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F15206D4F06h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101317A second address: 101317E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016379 second address: 1016386 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016386 second address: 101638C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101638C second address: 1016393 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1016883 second address: 10168BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1520D32CA0h 0x00000008 jl 00007F1520D32C96h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], ebx 0x00000014 nop 0x00000015 jmp 00007F1520D32CA1h 0x0000001a push eax 0x0000001b jl 00007F1520D32CA0h 0x00000021 push eax 0x00000022 push edx 0x00000023 push ebx 0x00000024 pop ebx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10172F8 second address: 10172FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1017D50 second address: 1017D56 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10199C4 second address: 10199CE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10196F7 second address: 10196FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10199CE second address: 10199F2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10199F2 second address: 10199F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10199F6 second address: 1019A7B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F15206D4F08h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov dword ptr [ebp+122D1F5Dh], ecx 0x00000028 mov si, 3DEBh 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push esi 0x00000031 call 00007F15206D4F08h 0x00000036 pop esi 0x00000037 mov dword ptr [esp+04h], esi 0x0000003b add dword ptr [esp+04h], 0000001Bh 0x00000043 inc esi 0x00000044 push esi 0x00000045 ret 0x00000046 pop esi 0x00000047 ret 0x00000048 mov dword ptr [ebp+1245E2CDh], eax 0x0000004e push 00000000h 0x00000050 mov dword ptr [ebp+122D193Fh], esi 0x00000056 xchg eax, ebx 0x00000057 pushad 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F15206D4F18h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1019A7B second address: 1019A7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1019A7F second address: 1019A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101CCBB second address: 101CCE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F1520D32C9Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F1520D32CA7h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101CCE5 second address: 101CCFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F12h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101D332 second address: 101D3C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 push eax 0x00000007 jmp 00007F1520D32CA8h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F1520D32C98h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+12487DBFh], eax 0x0000002d push 00000000h 0x0000002f jmp 00007F1520D32CA3h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edx 0x00000039 call 00007F1520D32C98h 0x0000003e pop edx 0x0000003f mov dword ptr [esp+04h], edx 0x00000043 add dword ptr [esp+04h], 00000018h 0x0000004b inc edx 0x0000004c push edx 0x0000004d ret 0x0000004e pop edx 0x0000004f ret 0x00000050 sub dword ptr [ebp+122D232Bh], eax 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 jp 00007F1520D32C9Ch 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DEEC second address: 101DF70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F12h 0x00000009 popad 0x0000000a pop esi 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push edi 0x00000011 call 00007F15206D4F08h 0x00000016 pop edi 0x00000017 mov dword ptr [esp+04h], edi 0x0000001b add dword ptr [esp+04h], 00000018h 0x00000023 inc edi 0x00000024 push edi 0x00000025 ret 0x00000026 pop edi 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D3917h], ebx 0x0000002e push 00000000h 0x00000030 and edi, 47F5FB00h 0x00000036 push 00000000h 0x00000038 push 00000000h 0x0000003a push edx 0x0000003b call 00007F15206D4F08h 0x00000040 pop edx 0x00000041 mov dword ptr [esp+04h], edx 0x00000045 add dword ptr [esp+04h], 00000015h 0x0000004d inc edx 0x0000004e push edx 0x0000004f ret 0x00000050 pop edx 0x00000051 ret 0x00000052 xchg eax, ebx 0x00000053 jmp 00007F15206D4F10h 0x00000058 push eax 0x00000059 push eax 0x0000005a push edx 0x0000005b push eax 0x0000005c push edx 0x0000005d jbe 00007F15206D4F06h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101DF70 second address: 101DF76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B8E7 second address: 101B8F1 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F15206D4F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B8F1 second address: 101B8FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B8FB second address: 101B912 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F15206D4F0Ch 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1022EF9 second address: 1022F0E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1520D32C9Ch 0x00000008 jnl 00007F1520D32C96h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023097 second address: 1023140 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, 5877DDC0h 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007F15206D4F08h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 0000001Ah 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 or di, 5D4Dh 0x00000037 mov edi, esi 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D1AF4h], ebx 0x00000046 jmp 00007F15206D4F17h 0x0000004b mov eax, dword ptr [ebp+122D02F9h] 0x00000051 mov edi, dword ptr [ebp+122D37D2h] 0x00000057 movzx ebx, di 0x0000005a push FFFFFFFFh 0x0000005c mov edi, dword ptr [ebp+122D3C63h] 0x00000062 nop 0x00000063 pushad 0x00000064 jmp 00007F15206D4F19h 0x00000069 push eax 0x0000006a push edx 0x0000006b push eax 0x0000006c push edx 0x0000006d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023140 second address: 1023144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025087 second address: 102508F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023144 second address: 1023165 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1520D32CA7h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102508F second address: 1025093 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1023165 second address: 102316B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025093 second address: 1025097 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102316B second address: 102316F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1027152 second address: 102715F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025268 second address: 102526E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102526E second address: 1025290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCFD0A second address: FCFD0E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025290 second address: 1025295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCFD0E second address: FCFD31 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F1520D32CA7h 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025295 second address: 102529F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F15206D4F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1025352 second address: 1025356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028756 second address: 102875A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102875A second address: 10287DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push ebp 0x0000000f call 00007F1520D32C98h 0x00000014 pop ebp 0x00000015 mov dword ptr [esp+04h], ebp 0x00000019 add dword ptr [esp+04h], 0000001Ah 0x00000021 inc ebp 0x00000022 push ebp 0x00000023 ret 0x00000024 pop ebp 0x00000025 ret 0x00000026 movzx ebx, di 0x00000029 push eax 0x0000002a mov dword ptr [ebp+122D23B5h], esi 0x00000030 pop ebx 0x00000031 push 00000000h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F1520D32C98h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 00000016h 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d mov ebx, dword ptr [ebp+122D3BABh] 0x00000053 xchg eax, esi 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 jmp 00007F1520D32CA0h 0x0000005c pushad 0x0000005d popad 0x0000005e popad 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10287DB second address: 10287E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10287E0 second address: 10287E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102B9A1 second address: 102B9B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10288FF second address: 1028903 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1029946 second address: 1029950 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F15206D4F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102B9B1 second address: 102B9C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F1520D32C96h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028903 second address: 1028911 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnp 00007F15206D4F06h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028911 second address: 1028927 instructions: 0x00000000 rdtsc 0x00000002 je 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F1520D32C98h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028927 second address: 1028992 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F15206D4F08h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d mov edi, edx 0x0000000f push dword ptr fs:[00000000h] 0x00000016 sub dword ptr [ebp+122D1B13h], edi 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 xor bh, FFFFFFFFh 0x00000026 mov eax, dword ptr [ebp+122D0DADh] 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F15206D4F08h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000015h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 push FFFFFFFFh 0x00000048 jmp 00007F15206D4F15h 0x0000004d nop 0x0000004e push eax 0x0000004f push edx 0x00000050 jnc 00007F15206D4F08h 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102C9DA second address: 102C9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1028992 second address: 10289A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F15206D4F08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10289A4 second address: 10289A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102CA5D second address: 102CA79 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D82F second address: 102D88D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F1520D32C98h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 movsx edi, si 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push ebp 0x0000002f call 00007F1520D32C98h 0x00000034 pop ebp 0x00000035 mov dword ptr [esp+04h], ebp 0x00000039 add dword ptr [esp+04h], 00000018h 0x00000041 inc ebp 0x00000042 push ebp 0x00000043 ret 0x00000044 pop ebp 0x00000045 ret 0x00000046 add dword ptr [ebp+12487DBFh], edx 0x0000004c push 00000000h 0x0000004e push edx 0x0000004f pop ebx 0x00000050 push eax 0x00000051 push ecx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D88D second address: 102D891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D891 second address: 102D895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E972 second address: 102E978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E978 second address: 102E97C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E97C second address: 102E9E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D3386h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push ebp 0x00000016 call 00007F15206D4F08h 0x0000001b pop ebp 0x0000001c mov dword ptr [esp+04h], ebp 0x00000020 add dword ptr [esp+04h], 00000017h 0x00000028 inc ebp 0x00000029 push ebp 0x0000002a ret 0x0000002b pop ebp 0x0000002c ret 0x0000002d mov edi, dword ptr [ebp+122D1F51h] 0x00000033 mov dword ptr [ebp+1245E2CDh], eax 0x00000039 add dword ptr [ebp+1245DD66h], ecx 0x0000003f push 00000000h 0x00000041 push 00000000h 0x00000043 push ebx 0x00000044 call 00007F15206D4F08h 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], ebx 0x0000004e add dword ptr [esp+04h], 00000014h 0x00000056 inc ebx 0x00000057 push ebx 0x00000058 ret 0x00000059 pop ebx 0x0000005a ret 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 jng 00007F15206D4F06h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E9E9 second address: 102E9ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E9ED second address: 102E9F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102E9F3 second address: 102E9FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102F865 second address: 102F86D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1031AE3 second address: 1031AED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1031AED second address: 1031AF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD1787 second address: FD178C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FD178C second address: FD17A4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007F15206D4F06h 0x00000009 jo 00007F15206D4F06h 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F15206D4F06h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038BB0 second address: 1038BC7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1520D32C9Fh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038BC7 second address: 1038BCC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038D8A second address: 1038DA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F1520D32CA4h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038DA8 second address: 1038DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038F28 second address: 1038F2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038F2C second address: 1038F53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F15206D4F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F15206D4F17h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1038F53 second address: 1038F68 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102BAE2 second address: 102BAE6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D9F0 second address: 102D9FA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102D9FA second address: 102DA1A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jo 00007F15206D4F0Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102DA1A second address: 102DA22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102DA22 second address: 102DA9D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 adc di, 2EF1h 0x0000000d push dword ptr fs:[00000000h] 0x00000014 or dword ptr [ebp+122D232Bh], esi 0x0000001a mov dword ptr fs:[00000000h], esp 0x00000021 push 00000000h 0x00000023 push edx 0x00000024 call 00007F15206D4F08h 0x00000029 pop edx 0x0000002a mov dword ptr [esp+04h], edx 0x0000002e add dword ptr [esp+04h], 00000014h 0x00000036 inc edx 0x00000037 push edx 0x00000038 ret 0x00000039 pop edx 0x0000003a ret 0x0000003b mov edi, dword ptr [ebp+122D3B93h] 0x00000041 mov eax, dword ptr [ebp+122D0199h] 0x00000047 jnl 00007F15206D4F1Bh 0x0000004d mov dword ptr [ebp+12463D0Ch], edi 0x00000053 push FFFFFFFFh 0x00000055 mov edi, 3EE56C65h 0x0000005a push eax 0x0000005b pushad 0x0000005c push edi 0x0000005d pushad 0x0000005e popad 0x0000005f pop edi 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 popad 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102EBF3 second address: 102EBF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102F994 second address: 102FA20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F15206D4F17h 0x00000008 jo 00007F15206D4F06h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 push dword ptr fs:[00000000h] 0x00000019 push 00000000h 0x0000001b push esi 0x0000001c call 00007F15206D4F08h 0x00000021 pop esi 0x00000022 mov dword ptr [esp+04h], esi 0x00000026 add dword ptr [esp+04h], 00000017h 0x0000002e inc esi 0x0000002f push esi 0x00000030 ret 0x00000031 pop esi 0x00000032 ret 0x00000033 mov dword ptr [ebp+122D37A1h], eax 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 mov dword ptr [ebp+122D38D0h], ecx 0x00000046 mov eax, dword ptr [ebp+122D0841h] 0x0000004c xor dword ptr [ebp+12485C0Bh], edi 0x00000052 push FFFFFFFFh 0x00000054 or bx, 9AF7h 0x00000059 nop 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e jmp 00007F15206D4F17h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 102FA20 second address: 102FA26 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1030B79 second address: 1030B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1030B7D second address: 1030B87 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104355D second address: 1043561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1043F13 second address: 1043F17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1043F17 second address: 1043F23 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1043F23 second address: 1043F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1044306 second address: 1044326 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F15206D4F0Ch 0x00000008 jg 00007F15206D4F06h 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F15206D4F06h 0x00000016 jmp 00007F15206D4F0Ah 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1044326 second address: 104432A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1044476 second address: 104447A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104939B second address: 104939F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104939F second address: 10493BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c popad 0x0000000d jno 00007F15206D4F06h 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 jnc 00007F15206D4F06h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10493BD second address: 10493D8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 104816D second address: 1048173 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014687 second address: 101468B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101468B second address: 101469A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F15206D4F0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014AD0 second address: 1014AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 xor dword ptr [esp], 2EED5B6Eh 0x0000000d mov cl, 84h 0x0000000f push F166E983h 0x00000014 push eax 0x00000015 push edx 0x00000016 push esi 0x00000017 pushad 0x00000018 popad 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014B64 second address: 1014B6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014B6D second address: 1014B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014C12 second address: 1014C70 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c push 00000000h 0x0000000e push esi 0x0000000f call 00007F15206D4F08h 0x00000014 pop esi 0x00000015 mov dword ptr [esp+04h], esi 0x00000019 add dword ptr [esp+04h], 0000001Ch 0x00000021 inc esi 0x00000022 push esi 0x00000023 ret 0x00000024 pop esi 0x00000025 ret 0x00000026 jmp 00007F15206D4F15h 0x0000002b and cx, A2D6h 0x00000030 nop 0x00000031 js 00007F15206D4F10h 0x00000037 push eax 0x00000038 push edx 0x00000039 push edi 0x0000003a pop edi 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014D51 second address: 1014D55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014D55 second address: 1014D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014D69 second address: 1014D6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014E2D second address: 1014E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014F74 second address: 1014F7E instructions: 0x00000000 rdtsc 0x00000002 je 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014F7E second address: 1014FA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F15206D4F13h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014FA7 second address: 1014FAD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014FAD second address: 1014FB1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014FB1 second address: 1014FF4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d or ecx, 395CC6DCh 0x00000013 push 00000004h 0x00000015 push 00000000h 0x00000017 push edi 0x00000018 call 00007F1520D32C98h 0x0000001d pop edi 0x0000001e mov dword ptr [esp+04h], edi 0x00000022 add dword ptr [esp+04h], 0000001Bh 0x0000002a inc edi 0x0000002b push edi 0x0000002c ret 0x0000002d pop edi 0x0000002e ret 0x0000002f nop 0x00000030 jng 00007F1520D32CA4h 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014FF4 second address: 1014FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1014FF8 second address: 1015010 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F1520D32C9Fh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015010 second address: 101501A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F15206D4F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015755 second address: 101577D instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov eax, dword ptr [eax] 0x0000000d jmp 00007F1520D32CA3h 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 pushad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101577D second address: 101578C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F15206D4F06h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10484A3 second address: 10484B8 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F1520D32C9Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10484B8 second address: 10484C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F15206D4F06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10484C3 second address: 10484CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048762 second address: 104876B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edi 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10488D9 second address: 10488E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F1520D32C96h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10488E5 second address: 10488E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048BE4 second address: 1048BE8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048BE8 second address: 1048BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048BF4 second address: 1048BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048BF8 second address: 1048C0F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F15206D4F11h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048C0F second address: 1048C4F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F1520D32C9Fh 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F1520D32CA7h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048C4F second address: 1048C6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F15206D4F15h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048C6D second address: 1048C73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048DC4 second address: 1048DCC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048F0A second address: 1048F10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048F10 second address: 1048F16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048F16 second address: 1048F2E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Ch 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1048F2E second address: 1048F32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052335 second address: 1052339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052339 second address: 105233F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10525D8 second address: 10525E9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F1520D32C96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d pushad 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10525E9 second address: 10525EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10525EF second address: 10525FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jc 00007F1520D32C96h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10525FE second address: 1052628 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 ja 00007F15206D4F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jmp 00007F15206D4F12h 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 jng 00007F15206D4F06h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052628 second address: 1052632 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F1520D32C96h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10528DF second address: 10528E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052A27 second address: 1052A2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052A2B second address: 1052A42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007F15206D4F11h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052A42 second address: 1052A87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F1520D32CA6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jmp 00007F1520D32C9Dh 0x00000015 jmp 00007F1520D32C9Fh 0x0000001a push eax 0x0000001b push edx 0x0000001c jng 00007F1520D32C96h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052A87 second address: 1052A8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BE7 second address: 1052BEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BEF second address: 1052BF4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052BF4 second address: 1052C0D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jno 00007F1520D32C96h 0x00000009 jmp 00007F1520D32C9Eh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052E9A second address: 1052EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1053044 second address: 105304A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105304A second address: 1053050 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1053050 second address: 1053059 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105205C second address: 1052062 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052062 second address: 1052068 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052068 second address: 1052083 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F15206D4F14h 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1052083 second address: 1052094 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F1520D32C9Ah 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058A88 second address: 1058A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jbe 00007F15206D4F06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058C05 second address: 1058C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058C0B second address: 1058C1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007F15206D4F06h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058C1A second address: 1058C1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1058F64 second address: 1058F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10590DF second address: 105910C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Ah 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jp 00007F1520D32C96h 0x00000012 js 00007F1520D32C96h 0x00000018 pop ebx 0x00000019 ja 00007F1520D32C9Ch 0x0000001f js 00007F1520D32C96h 0x00000025 pushad 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10594DC second address: 10594E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10594E2 second address: 1059527 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F1520D32C96h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F1520D32CA5h 0x00000011 push edx 0x00000012 jmp 00007F1520D32CA6h 0x00000017 jl 00007F1520D32C96h 0x0000001d pop edx 0x0000001e popad 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10599FB second address: 1059A17 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1059A17 second address: 1059A1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D903 second address: 105D910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D910 second address: 105D914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 105D914 second address: 105D931 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCAC32 second address: FCAC38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: FCAC38 second address: FCAC44 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F15206D4F06h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106054E second address: 1060552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106824B second address: 106827C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F15206D4F17h 0x0000000b popad 0x0000000c jng 00007F15206D4F08h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 js 00007F15206D4F06h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106856E second address: 106858C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA6h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068A21 second address: 1068A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1068A26 second address: 1068A2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106D87D second address: 106D89F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F0Ch 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b jmp 00007F15206D4F0Fh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106D89F second address: 106D8A6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106D8A6 second address: 106D8B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F15206D4F06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 106DF3A second address: 106DF3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015206 second address: 101520A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101520A second address: 1015210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015210 second address: 1015216 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1015216 second address: 101521A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1072156 second address: 1072160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F15206D4F06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1072160 second address: 107217B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA5h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107217B second address: 1072181 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1072181 second address: 10721A9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1520D32C96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F1520D32CA2h 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jc 00007F1520D32C96h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10721A9 second address: 10721CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F15206D4F06h 0x0000000a popad 0x0000000b push ebx 0x0000000c jmp 00007F15206D4F16h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071893 second address: 1071898 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071898 second address: 10718AF instructions: 0x00000000 rdtsc 0x00000002 jp 00007F15206D4F0Ch 0x00000008 push ecx 0x00000009 jp 00007F15206D4F06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071B99 second address: 1071BBC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F1520D32C98h 0x00000008 jnc 00007F1520D32CA2h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071ECB second address: 1071ED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1071ED3 second address: 1071ED7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107ADDE second address: 107ADE3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1078ED5 second address: 1078EEC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F1520D32C9Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jng 00007F1520D32C96h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079064 second address: 107906F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107906F second address: 1079073 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079073 second address: 1079079 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079079 second address: 10790A2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F1520D32CACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jne 00007F1520D32CAFh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10790A2 second address: 10790C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F13h 0x00000009 jo 00007F15206D4F0Eh 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10790C3 second address: 10790CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10790CB second address: 10790E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F11h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079362 second address: 1079366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079366 second address: 10793AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F15206D4F19h 0x0000000c jmp 00007F15206D4F13h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F15206D4F19h 0x00000019 jbe 00007F15206D4F0Eh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10793AF second address: 10793C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079686 second address: 107969F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F15206D4F0Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107969F second address: 10796A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10796A3 second address: 10796A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10796A9 second address: 10796B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007F1520D32CA2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107998E second address: 1079992 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079C43 second address: 1079C47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1079C47 second address: 1079C65 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F14h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107A268 second address: 107A2A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F1520D32C9Fh 0x0000000a jmp 00007F1520D32CA3h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F1520D32CA0h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107A7FB second address: 107A812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push edi 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F1DF second address: 107F1E4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F1E4 second address: 107F1EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push edi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F1EE second address: 107F1FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107F1FA second address: 107F1FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E334 second address: 107E350 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1520D32CA8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E350 second address: 107E356 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E356 second address: 107E35C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E35C second address: 107E360 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E7C6 second address: 107E7CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E7CA second address: 107E7D9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F15206D4F06h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E947 second address: 107E94B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107E94B second address: 107E968 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jne 00007F15206D4F06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F15206D4F0Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EB07 second address: 107EB18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F1520D32C96h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EB18 second address: 107EB1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EB1C second address: 107EB22 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EC56 second address: 107EC5B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EDA1 second address: 107EDAB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EDAB second address: 107EDAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 107EDAF second address: 107EDB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CAF2 second address: 108CAFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CC95 second address: 108CC99 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CC99 second address: 108CCA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108CDF5 second address: 108CE25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1520D32CA1h 0x00000009 js 00007F1520D32C96h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F1520D32C9Ch 0x00000017 jnc 00007F1520D32C96h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 108D1FD second address: 108D203 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1095937 second address: 109593D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10954CD second address: 10954D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10954D7 second address: 10954E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10954E1 second address: 1095509 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F15206D4F06h 0x00000008 jp 00007F15206D4F06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F15206D4F14h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1095649 second address: 109567C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d jmp 00007F1520D32CA4h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109567C second address: 1095686 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1095686 second address: 109568A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109568A second address: 10956A9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007F15206D4F15h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10956A9 second address: 10956AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1097013 second address: 109704A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F0Fh 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jmp 00007F15206D4F0Bh 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F15206D4F14h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 109704A second address: 109705D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 je 00007F1520D32C96h 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10994F4 second address: 10994F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10994F9 second address: 109951A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F1520D32C9Bh 0x00000008 jmp 00007F1520D32CA1h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A57C0 second address: 10A57C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A91EC second address: 10A91F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A91F0 second address: 10A91FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10A91FA second address: 10A921F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Fh 0x00000007 jmp 00007F1520D32C9Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B2E64 second address: 10B2E68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B2E68 second address: 10B2E7D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Fh 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44BF second address: 10B44C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44C3 second address: 10B44D1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F1520D32C96h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44D1 second address: 10B44E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F15206D4F0Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44E9 second address: 10B44F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F1520D32C96h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44F3 second address: 10B44F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B44F7 second address: 10B4501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B4501 second address: 10B4505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10B9C56 second address: 10B9C64 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007F1520D32C96h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10BBB21 second address: 10BBB32 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2FAC second address: 10C2FDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Dh 0x00000007 jmp 00007F1520D32CA7h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jns 00007F1520D32C96h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C2FDE second address: 10C2FE4 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C311D second address: 10C3123 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3123 second address: 10C3129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C3385 second address: 10C338B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C338B second address: 10C3398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jne 00007F15206D4F0Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C34C3 second address: 10C34D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F1520D32C96h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C90CD second address: 10C90D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C8CC4 second address: 10C8CC9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C8E27 second address: 10C8E2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10C8E2B second address: 10C8E37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D3383 second address: 10D339C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F15206D4F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F15206D4F0Dh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D339C second address: 10D33A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D33A2 second address: 10D33A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D33A8 second address: 10D33B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D33B0 second address: 10D33B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D33B4 second address: 10D33B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10D33B8 second address: 10D33C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F15206D4F0Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E2C7D second address: 10E2CA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F1520D32CA9h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c jmp 00007F1520D32C9Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E2CA7 second address: 10E2CB1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E2CB1 second address: 10E2CB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E2B2B second address: 10E2B36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 pop eax 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10E706F second address: 10E7075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE366 second address: 10FE36E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FE36E second address: 10FE375 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FD759 second address: 10FD768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F0Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FDA7B second address: 10FDA7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FDA7F second address: 10FDA85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FDD66 second address: 10FDD77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F1520D32C96h 0x0000000a jns 00007F1520D32C96h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 10FDD77 second address: 10FDD81 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1102373 second address: 1102385 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11025CD second address: 11025D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11025D3 second address: 11025FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F1520D32CA7h 0x0000000a popad 0x0000000b push eax 0x0000000c jl 00007F1520D32CA8h 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007F1520D32C96h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 11025FF second address: 110264D instructions: 0x00000000 rdtsc 0x00000002 jno 00007F15206D4F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov dh, ah 0x0000000d push 00000004h 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F15206D4F08h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 jne 00007F15206D4F0Eh 0x0000002f stc 0x00000030 push 763000F3h 0x00000035 pushad 0x00000036 jo 00007F15206D4F08h 0x0000003c pushad 0x0000003d popad 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110400A second address: 1104010 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1104010 second address: 1104038 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F15206D4F11h 0x00000009 popad 0x0000000a push esi 0x0000000b push ecx 0x0000000c je 00007F15206D4F06h 0x00000012 jno 00007F15206D4F06h 0x00000018 pop ecx 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1106128 second address: 110612E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 110612E second address: 1106136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1018882 second address: 1018886 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1018886 second address: 1018890 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F15206D4F06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 1018A1F second address: 1018A2F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32C9Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6040B second address: 4E60469 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F15206D4F0Ah 0x00000008 xor ax, 1C28h 0x0000000d jmp 00007F15206D4F0Bh 0x00000012 popfd 0x00000013 pop edx 0x00000014 pop eax 0x00000015 call 00007F15206D4F18h 0x0000001a mov edi, esi 0x0000001c pop eax 0x0000001d popad 0x0000001e mov edx, dword ptr [ebp+0Ch] 0x00000021 jmp 00007F15206D4F0Dh 0x00000026 mov ecx, dword ptr [ebp+08h] 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F15206D4F0Dh 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6049F second address: 4E604A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E604A3 second address: 4E604A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E604A9 second address: 4E604E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ecx, 44EF9353h 0x00000008 mov esi, 625611AFh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pop ebp 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007F1520D32C9Dh 0x0000001c or esi, 735FC716h 0x00000022 jmp 00007F1520D32CA1h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 101B90E second address: 101B912 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80740 second address: 4E80758 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32CA4h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80758 second address: 4E80791 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F15206D4F16h 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F15206D4F0Eh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80791 second address: 4E807AC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov cl, bl 0x0000000f mov esi, 6D4668D3h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E807AC second address: 4E80812 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F15206D4F0Eh 0x00000010 xchg eax, ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 push ebx 0x00000015 pop ecx 0x00000016 pushfd 0x00000017 jmp 00007F15206D4F19h 0x0000001c xor esi, 2A635EA6h 0x00000022 jmp 00007F15206D4F11h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80812 second address: 4E80818 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80818 second address: 4E8081C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8081C second address: 4E80830 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov edx, 27772806h 0x00000011 push ebx 0x00000012 pop eax 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80830 second address: 4E80836 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80836 second address: 4E8083A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8083A second address: 4E8083E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8083E second address: 4E8088D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ecx 0x00000009 pushad 0x0000000a movzx eax, di 0x0000000d pushfd 0x0000000e jmp 00007F1520D32CA9h 0x00000013 sub si, B016h 0x00000018 jmp 00007F1520D32CA1h 0x0000001d popfd 0x0000001e popad 0x0000001f xchg eax, esi 0x00000020 push eax 0x00000021 push edx 0x00000022 jmp 00007F1520D32C9Dh 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8088D second address: 4E808DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F15206D4F17h 0x00000008 pop ecx 0x00000009 mov ah, bl 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 mov ch, bl 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F15206D4F18h 0x0000001a or ecx, 525598F8h 0x00000020 jmp 00007F15206D4F0Bh 0x00000025 popfd 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E808DE second address: 4E80926 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, bx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 xchg eax, esi 0x00000009 pushad 0x0000000a mov si, bx 0x0000000d pushfd 0x0000000e jmp 00007F1520D32C9Dh 0x00000013 jmp 00007F1520D32C9Bh 0x00000018 popfd 0x00000019 popad 0x0000001a lea eax, dword ptr [ebp-04h] 0x0000001d jmp 00007F1520D32CA6h 0x00000022 nop 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80926 second address: 4E8092A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8092A second address: 4E80947 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80947 second address: 4E809B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bl, 53h 0x00000005 pushfd 0x00000006 jmp 00007F15206D4F18h 0x0000000b add si, 2278h 0x00000010 jmp 00007F15206D4F0Bh 0x00000015 popfd 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a pushad 0x0000001b mov cx, bx 0x0000001e pushfd 0x0000001f jmp 00007F15206D4F0Bh 0x00000024 xor cl, 0000003Eh 0x00000027 jmp 00007F15206D4F19h 0x0000002c popfd 0x0000002d popad 0x0000002e nop 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov si, bx 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E809B2 second address: 4E809C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32CA1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E809C7 second address: 4E809CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80ABE second address: 4E80ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32CA9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80ADB second address: 4E80026 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b leave 0x0000000c pushad 0x0000000d jmp 00007F15206D4F0Ch 0x00000012 pushfd 0x00000013 jmp 00007F15206D4F12h 0x00000018 add si, 1498h 0x0000001d jmp 00007F15206D4F0Bh 0x00000022 popfd 0x00000023 popad 0x00000024 retn 0004h 0x00000027 nop 0x00000028 sub esp, 04h 0x0000002b xor ebx, ebx 0x0000002d cmp eax, 00000000h 0x00000030 je 00007F15206D5055h 0x00000036 xor eax, eax 0x00000038 mov dword ptr [esp], 00000000h 0x0000003f mov dword ptr [esp+04h], 00000000h 0x00000047 call 00007F1524720A5Bh 0x0000004c mov edi, edi 0x0000004e pushad 0x0000004f pushfd 0x00000050 jmp 00007F15206D4F0Eh 0x00000055 xor eax, 501F6F38h 0x0000005b jmp 00007F15206D4F0Bh 0x00000060 popfd 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80026 second address: 4E800E0 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F1520D32CA5h 0x00000008 jmp 00007F1520D32C9Bh 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 pushad 0x00000013 pushfd 0x00000014 jmp 00007F1520D32CA4h 0x00000019 adc al, FFFFFFF8h 0x0000001c jmp 00007F1520D32C9Bh 0x00000021 popfd 0x00000022 popad 0x00000023 push eax 0x00000024 jmp 00007F1520D32CA4h 0x00000029 xchg eax, ebp 0x0000002a jmp 00007F1520D32CA0h 0x0000002f mov ebp, esp 0x00000031 jmp 00007F1520D32CA0h 0x00000036 push FFFFFFFEh 0x00000038 jmp 00007F1520D32CA0h 0x0000003d call 00007F1520D32C99h 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F1520D32CA7h 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E800E0 second address: 4E800E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E800E6 second address: 4E800EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E800EA second address: 4E80123 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a call 00007F15206D4F0Ch 0x0000000f mov di, ax 0x00000012 pop ecx 0x00000013 popad 0x00000014 mov eax, dword ptr [esp+04h] 0x00000018 jmp 00007F15206D4F13h 0x0000001d mov eax, dword ptr [eax] 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80123 second address: 4E8012D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov esi, 1E984397h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8012D second address: 4E80148 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80148 second address: 4E8014C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8014C second address: 4E80166 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F16h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80166 second address: 4E801B1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1520D32CA1h 0x00000009 sub cx, A0D6h 0x0000000e jmp 00007F1520D32CA1h 0x00000013 popfd 0x00000014 mov ah, 4Ch 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007F1520D32CA5h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E801B1 second address: 4E801B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E801B5 second address: 4E801BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E801BB second address: 4E8028A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F15206D4F0Ah 0x00000009 or ax, 8158h 0x0000000e jmp 00007F15206D4F0Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F15206D4F18h 0x0000001a sub esi, 4CAE8BB8h 0x00000020 jmp 00007F15206D4F0Bh 0x00000025 popfd 0x00000026 popad 0x00000027 pop edx 0x00000028 pop eax 0x00000029 call 00007F15206D4F09h 0x0000002e jmp 00007F15206D4F16h 0x00000033 push eax 0x00000034 pushad 0x00000035 call 00007F15206D4F11h 0x0000003a push esi 0x0000003b pop edi 0x0000003c pop eax 0x0000003d mov dl, 95h 0x0000003f popad 0x00000040 mov eax, dword ptr [esp+04h] 0x00000044 jmp 00007F15206D4F0Fh 0x00000049 mov eax, dword ptr [eax] 0x0000004b jmp 00007F15206D4F19h 0x00000050 mov dword ptr [esp+04h], eax 0x00000054 jmp 00007F15206D4F11h 0x00000059 pop eax 0x0000005a push eax 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e pushad 0x0000005f popad 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8028A second address: 4E8029D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8029D second address: 4E802B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F15206D4F14h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80396 second address: 4E803A8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32C9Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E803A8 second address: 4E803AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E803AC second address: 4E80404 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 jmp 00007F1520D32C9Ch 0x0000000e mov dword ptr [esp], esi 0x00000011 pushad 0x00000012 push eax 0x00000013 call 00007F1520D32C9Dh 0x00000018 pop ecx 0x00000019 pop edi 0x0000001a mov edx, ecx 0x0000001c popad 0x0000001d xchg eax, edi 0x0000001e jmp 00007F1520D32CA8h 0x00000023 push eax 0x00000024 jmp 00007F1520D32C9Bh 0x00000029 xchg eax, edi 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80404 second address: 4E8041F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8041F second address: 4E8048A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1520D32C9Fh 0x00000009 xor eax, 6190556Eh 0x0000000f jmp 00007F1520D32CA9h 0x00000014 popfd 0x00000015 mov ecx, 6C68EEF7h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d mov eax, dword ptr [770E4538h] 0x00000022 jmp 00007F1520D32C9Ah 0x00000027 xor dword ptr [ebp-08h], eax 0x0000002a pushad 0x0000002b mov di, cx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F1520D32CA8h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8048A second address: 4E8048E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8048E second address: 4E8049D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xor eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8049D second address: 4E804A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E804A1 second address: 4E804A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E804A5 second address: 4E804AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E804AB second address: 4E80518 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F1520D32CA1h 0x00000009 jmp 00007F1520D32C9Bh 0x0000000e popfd 0x0000000f pushfd 0x00000010 jmp 00007F1520D32CA8h 0x00000015 adc esi, 75DC4008h 0x0000001b jmp 00007F1520D32C9Bh 0x00000020 popfd 0x00000021 popad 0x00000022 pop edx 0x00000023 pop eax 0x00000024 nop 0x00000025 jmp 00007F1520D32CA6h 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d pushad 0x0000002e mov al, 07h 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80518 second address: 4E8055B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F15206D4F10h 0x0000000f lea eax, dword ptr [ebp-10h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F15206D4F17h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8055B second address: 4E80561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80561 second address: 4E80575 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr fs:[00000000h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80575 second address: 4E8058D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8058D second address: 4E805C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F15206D4F17h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [ebp-18h], esp 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F15206D4F15h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E805C6 second address: 4E805F3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000018h] 0x0000000f pushad 0x00000010 mov dh, ch 0x00000012 mov ch, bh 0x00000014 popad 0x00000015 mov ecx, dword ptr [eax+00000FDCh] 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E805F3 second address: 4E80610 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80610 second address: 4E80648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test ecx, ecx 0x0000000b pushad 0x0000000c mov edi, eax 0x0000000e push ecx 0x0000000f jmp 00007F1520D32C9Fh 0x00000014 pop esi 0x00000015 popad 0x00000016 jns 00007F1520D32CC7h 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80648 second address: 4E8064E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8064E second address: 4E80654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80654 second address: 4E80658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80658 second address: 4E80685 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add eax, ecx 0x0000000a jmp 00007F1520D32CA1h 0x0000000f mov ecx, dword ptr [ebp+08h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F1520D32C9Dh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7021F second address: 4E70243 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 1A3FCF2Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b jmp 00007F15206D4F12h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70243 second address: 4E70247 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70247 second address: 4E7024B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7024B second address: 4E70251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70251 second address: 4E70267 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F15206D4F12h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70267 second address: 4E702AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d pushad 0x0000000e mov ch, F0h 0x00000010 popad 0x00000011 mov edx, 266EEC7Eh 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 jmp 00007F1520D32CA5h 0x0000001e sub esp, 2Ch 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F1520D32C9Dh 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E702AD second address: 4E7035F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F15206D4F17h 0x00000009 sub ah, 0000003Eh 0x0000000c jmp 00007F15206D4F19h 0x00000011 popfd 0x00000012 movzx eax, dx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 pushad 0x0000001a pushfd 0x0000001b jmp 00007F15206D4F16h 0x00000020 add al, 00000068h 0x00000023 jmp 00007F15206D4F0Bh 0x00000028 popfd 0x00000029 mov esi, 37234D5Fh 0x0000002e popad 0x0000002f mov dword ptr [esp], ebx 0x00000032 jmp 00007F15206D4F12h 0x00000037 xchg eax, edi 0x00000038 jmp 00007F15206D4F10h 0x0000003d push eax 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 pushfd 0x00000042 jmp 00007F15206D4F0Ah 0x00000047 or ax, 0028h 0x0000004c jmp 00007F15206D4F0Bh 0x00000051 popfd 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E703D0 second address: 4E703D6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E703D6 second address: 4E703DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E703DA second address: 4E7042C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F1520D32E2Ah 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1520D32C9Dh 0x00000015 sbb eax, 2CBF4B16h 0x0000001b jmp 00007F1520D32CA1h 0x00000020 popfd 0x00000021 mov esi, 55D31987h 0x00000026 popad 0x00000027 lea ecx, dword ptr [ebp-14h] 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov di, 9FAAh 0x00000031 call 00007F1520D32C9Bh 0x00000036 pop eax 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7045E second address: 4E70462 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70462 second address: 4E70473 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70563 second address: 4E70576 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jne 00007F15928F2E37h 0x0000000d pushad 0x0000000e mov dh, cl 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70576 second address: 4E705FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 mov ebx, dword ptr [ebp+08h] 0x00000009 pushad 0x0000000a push edx 0x0000000b mov edx, ecx 0x0000000d pop esi 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F1520D32CA9h 0x00000015 adc eax, 11D94CE6h 0x0000001b jmp 00007F1520D32CA1h 0x00000020 popfd 0x00000021 pushfd 0x00000022 jmp 00007F1520D32CA0h 0x00000027 sbb esi, 5F575888h 0x0000002d jmp 00007F1520D32C9Bh 0x00000032 popfd 0x00000033 popad 0x00000034 popad 0x00000035 lea eax, dword ptr [ebp-2Ch] 0x00000038 jmp 00007F1520D32CA6h 0x0000003d xchg eax, esi 0x0000003e push eax 0x0000003f push edx 0x00000040 pushad 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E705FB second address: 4E70605 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 1890AD7Eh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70605 second address: 4E7060B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7060B second address: 4E7060F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7060F second address: 4E70613 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70613 second address: 4E70636 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F15206D4F18h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70636 second address: 4E70668 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, esi 0x0000000c pushad 0x0000000d mov bx, si 0x00000010 push eax 0x00000011 push edx 0x00000012 pushfd 0x00000013 jmp 00007F1520D32C9Eh 0x00000018 add cx, 32D8h 0x0000001d jmp 00007F1520D32C9Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70668 second address: 4E70685 instructions: 0x00000000 rdtsc 0x00000002 mov si, 658Fh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F15206D4F11h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70685 second address: 4E7068B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7068B second address: 4E706B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F15206D4F0Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E706B4 second address: 4E706B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E706B8 second address: 4E706BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E706BE second address: 4E706CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32C9Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70745 second address: 4E70762 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70762 second address: 4E70766 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70766 second address: 4E7076C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7076C second address: 4E70781 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32CA1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70781 second address: 4E70036 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b test esi, esi 0x0000000d jmp 00007F15206D4F0Eh 0x00000012 je 00007F15928F2DB3h 0x00000018 xor eax, eax 0x0000001a jmp 00007F15206AE63Ah 0x0000001f pop esi 0x00000020 pop edi 0x00000021 pop ebx 0x00000022 leave 0x00000023 retn 0004h 0x00000026 nop 0x00000027 sub esp, 04h 0x0000002a mov esi, eax 0x0000002c cmp esi, 00000000h 0x0000002f setne al 0x00000032 xor ebx, ebx 0x00000034 test al, 01h 0x00000036 jne 00007F15206D4F07h 0x00000038 jmp 00007F15206D500Fh 0x0000003d call 00007F1524710925h 0x00000042 mov edi, edi 0x00000044 pushad 0x00000045 jmp 00007F15206D4F0Eh 0x0000004a mov dx, cx 0x0000004d popad 0x0000004e xchg eax, ebp 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 call 00007F15206D4F19h 0x00000057 pop eax 0x00000058 push edx 0x00000059 pop eax 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70036 second address: 4E7003C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7003C second address: 4E70055 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F15206D4F0Eh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70055 second address: 4E7005B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7005B second address: 4E700A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F15206D4F0Eh 0x00000011 mov ebp, esp 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 pushfd 0x00000017 jmp 00007F15206D4F0Ch 0x0000001c jmp 00007F15206D4F15h 0x00000021 popfd 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E700A5 second address: 4E700F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F1520D32C9Ch 0x0000000a sbb cx, 9898h 0x0000000f jmp 00007F1520D32C9Bh 0x00000014 popfd 0x00000015 popad 0x00000016 xchg eax, ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c pushfd 0x0000001d jmp 00007F1520D32CA1h 0x00000022 sub cx, BE36h 0x00000027 jmp 00007F1520D32CA1h 0x0000002c popfd 0x0000002d popad 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E700F8 second address: 4E70134 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov esi, ebx 0x00000005 mov edx, 5E7766BEh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e jmp 00007F15206D4F14h 0x00000013 xchg eax, ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F15206D4F17h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70134 second address: 4E7013A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7013A second address: 4E7014F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [ebp-04h], 55534552h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E7014F second address: 4E70153 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70153 second address: 4E70159 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70159 second address: 4E7016B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F1520D32C9Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70AE5 second address: 4E70AE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70AE9 second address: 4E70B06 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70B06 second address: 4E70B16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F15206D4F0Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70B16 second address: 4E70B1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70B1A second address: 4E70B81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F15206D4F0Eh 0x0000000e xchg eax, ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F15206D4F0Eh 0x00000016 and al, FFFFFFA8h 0x00000019 jmp 00007F15206D4F0Bh 0x0000001e popfd 0x0000001f popad 0x00000020 mov ebp, esp 0x00000022 jmp 00007F15206D4F12h 0x00000027 cmp dword ptr [770E459Ch], 05h 0x0000002e push eax 0x0000002f push edx 0x00000030 pushad 0x00000031 call 00007F15206D4F0Dh 0x00000036 pop eax 0x00000037 mov dh, C0h 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70C37 second address: 4E70C86 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 32FDA801h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jmp 00007F1520D32CA7h 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 jmp 00007F1520D32CA9h 0x00000019 mov eax, dword ptr [eax] 0x0000001b push eax 0x0000001c push edx 0x0000001d jmp 00007F1520D32C9Ch 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70C86 second address: 4E70CBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 mov ebx, esi 0x00000012 pushfd 0x00000013 jmp 00007F15206D4F0Eh 0x00000018 and si, A108h 0x0000001d jmp 00007F15206D4F0Bh 0x00000022 popfd 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70CBF second address: 4E70CF2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dl, 5Ch 0x00000005 mov dl, cl 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edx 0x0000000d mov ax, B68Bh 0x00000011 pop eax 0x00000012 popad 0x00000013 call 00007F1592F47B36h 0x00000018 push 77082B70h 0x0000001d push dword ptr fs:[00000000h] 0x00000024 mov eax, dword ptr [esp+10h] 0x00000028 mov dword ptr [esp+10h], ebp 0x0000002c lea ebp, dword ptr [esp+10h] 0x00000030 sub esp, eax 0x00000032 push ebx 0x00000033 push esi 0x00000034 push edi 0x00000035 mov eax, dword ptr [770E4538h] 0x0000003a xor dword ptr [ebp-04h], eax 0x0000003d xor eax, ebp 0x0000003f push eax 0x00000040 mov dword ptr [ebp-18h], esp 0x00000043 push dword ptr [ebp-08h] 0x00000046 mov eax, dword ptr [ebp-04h] 0x00000049 mov dword ptr [ebp-04h], FFFFFFFEh 0x00000050 mov dword ptr [ebp-08h], eax 0x00000053 lea eax, dword ptr [ebp-10h] 0x00000056 mov dword ptr fs:[00000000h], eax 0x0000005c ret 0x0000005d push eax 0x0000005e push edx 0x0000005f jmp 00007F1520D32CA9h 0x00000064 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70CF2 second address: 4E70D15 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 sub esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F15206D4F0Ah 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70D15 second address: 4E70D30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 mov edx, ecx 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [ebp-1Ch], esi 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F1520D32C9Bh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70D7C second address: 4E70D82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70D82 second address: 4E70D86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70D86 second address: 4E70DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test al, al 0x0000000a jmp 00007F15206D4F17h 0x0000000f je 00007F15928D8AE4h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70DB3 second address: 4E70DB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70DB7 second address: 4E70DBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E70DBB second address: 4E70DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80BC6 second address: 4E80BCB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80BCB second address: 4E80C00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov edx, 11B92D60h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov ebp, esp 0x0000000e jmp 00007F1520D32C9Fh 0x00000013 xchg eax, esi 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F1520D32CA5h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80C00 second address: 4E80C57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F15206D4F11h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c mov ebx, 5E8B3A20h 0x00000011 mov di, D84Ch 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007F15206D4F15h 0x0000001c add ecx, 3FB44526h 0x00000022 jmp 00007F15206D4F11h 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, esi 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80C57 second address: 4E80C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ebx, 57ED58DCh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80C61 second address: 4E80C67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E80C67 second address: 4E80D18 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32C9Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, dword ptr [ebp+0Ch] 0x0000000e pushad 0x0000000f call 00007F1520D32C9Eh 0x00000014 call 00007F1520D32CA2h 0x00000019 pop ecx 0x0000001a pop ebx 0x0000001b mov di, ax 0x0000001e popad 0x0000001f test esi, esi 0x00000021 jmp 00007F1520D32C9Ah 0x00000026 je 00007F1592F3039Eh 0x0000002c jmp 00007F1520D32CA0h 0x00000031 cmp dword ptr [770E459Ch], 05h 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007F1520D32C9Eh 0x0000003f adc ax, BDE8h 0x00000044 jmp 00007F1520D32C9Bh 0x00000049 popfd 0x0000004a push eax 0x0000004b push edx 0x0000004c pushfd 0x0000004d jmp 00007F1520D32CA6h 0x00000052 and eax, 44C35048h 0x00000058 jmp 00007F1520D32C9Bh 0x0000005d popfd 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6192747 second address: 619274B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619E6AD second address: 619E6B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EA88 second address: 619EA9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jc 00007F15206D4F06h 0x0000000c push eax 0x0000000d pop eax 0x0000000e popad 0x0000000f push edi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619ED97 second address: 619EDAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F1520D32CA1h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EDAC second address: 619EDC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F15206D4F0Fh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EDC7 second address: 619EDCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EDCB second address: 619EDCF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EF35 second address: 619EF3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EF3B second address: 619EF56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push edi 0x00000006 jne 00007F15206D4F06h 0x0000000c pop edi 0x0000000d pop edx 0x0000000e push edi 0x0000000f js 00007F15206D4F08h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 619EF56 second address: 619EF5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A1640 second address: 61A1679 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F15206D4F16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp+04h], eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007F15206D4F15h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A1679 second address: 61A167F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A167F second address: 61A1683 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A16B9 second address: 61A1735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop ecx 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007F1520D32C9Bh 0x0000000d jmp 00007F1520D32CA3h 0x00000012 popad 0x00000013 nop 0x00000014 mov edx, dword ptr [ebp+122D2C9Ch] 0x0000001a push 00000000h 0x0000001c mov ecx, ebx 0x0000001e call 00007F1520D32C99h 0x00000023 jmp 00007F1520D32CA9h 0x00000028 push eax 0x00000029 jne 00007F1520D32CAEh 0x0000002f mov eax, dword ptr [esp+04h] 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61A1735 second address: 61A1739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E5CE83 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: E5CD7C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 100BADA instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 109D9E3 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61C6C9A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 601B2C6 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61EEEA8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61D0CCC instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 60229CB instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_061B7626 rdtsc

1_2_061B7626

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_061B3368 sidt fword ptr [esp-02h]

1_2_061B3368

Source: C:\Users\user\Desktop\file.exe TID: 8048	Thread sleep time: -34017s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 8040	Thread sleep time: -36018s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 1056	Thread sleep time: -210000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 8036	Thread sleep time: -36018s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 8020	Thread sleep time: -36018s >= -30000s			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000001.00000002.1731714235.0000000000FEA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000002.1736919514.00000000061A9000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - NDCDYNVMware20,11696501413z
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696501413o
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696501413h
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696501413
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.co.inVMware20,11696501413~
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696501413j
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - COM.HKVMware20,11696501413
Source: file.exe, 00000001.00000002.1736213688.000000000585F000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: &Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\u
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696501413
Source: file.exe, 00000001.00000002.1730648035.0000000000B15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696501413|UE
Source: file.exe, 00000001.00000002.1730648035.0000000000AD7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWh
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696501413x
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413}
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - non-EU EuropeVMware20,11696501413
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696501413x
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696501413t
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - HKVMware20,11696501413]
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696501413s
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU East & CentralVMware20,11696501413
Source: file.exe, 00000001.00000002.1736062912.00000000057E3000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\6
Source: file.exe, 00000001.00000003.1420140791.0000000005808000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: - GDCDYNVMware20,11696501413p
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696501413u
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - GDCDYNVMware20,11696501413p
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Interactive userers - EU WestVMware20,11696501413n
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696501413
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: www.interactiveuserers.comVMware20,11696501413}
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.co.inVMware20,11696501413d
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696501413x
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696501413
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696501413t
Source: file.exe, 00000001.00000002.1730648035.0000000000B15000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696501413^
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: interactiveuserers.comVMware20,11696501413
Source: file.exe, 00000001.00000002.1731714235.0000000000FEA000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000001.00000002.1736919514.00000000061A9000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696501413f
Source: file.exe, 00000001.00000003.1420140791.0000000005802000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696501413

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Thread information set: HideFromDebugger			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_061B7626 rdtsc

1_2_061B7626

Source: C:\Users\user\Desktop\file.exe

Code function: 1_2_061B3056 LdrInitializeThunk,

1_2_061B3056

HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument http://go.microsoft.com/fwlink/?prd=11324&pver=4.5&sbp=AppLaunch2&plcid=0x409&o1=SHIM_NOVERSION_FOUND&version=(null)&processName=file.exe&platform=0009&osver=6&isServer=0&shimver=4.0.30319.0			Jump to behavior

Source: file.exe	Binary or memory string: "Program Manager
Source: file.exe, file.exe, 00000001.00000002.1736919514.00000000061A9000.00000040.00000800.00020000.00000000.sdmp	Binary or memory string: Program Manager
Source: file.exe, 00000001.00000002.1731714235.0000000000FEA000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: "Program Manager

Language, Device and Operating System Detection

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Source: file.exe, file.exe, 00000001.00000002.1730648035.0000000000AF1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000001.00000003.1498321661.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

Stealing of Sensitive Information

Source: Yara match	File source: Process Memory Space: file.exe PID: 7804, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP

Source: file.exe	String found in binary or memory: Wallets/Electrum
Source: file.exe	String found in binary or memory: Wallets/ElectronCash
Source: file.exe	String found in binary or memory: %appdata%\com.liberty.jaxx\IndexedDB
Source: file.exe	String found in binary or memory: window-state.json
Source: file.exe, 00000001.00000003.1646578503.0000000000B71000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: file.exe	String found in binary or memory: Wallets/Ethereum
Source: file.exe	String found in binary or memory: %localappdata%\Coinomi\Coinomi\wallets
Source: file.exe	String found in binary or memory: keystore

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mopnmbcafieddcagagdcbnhejhlodfdd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aiifbnbfobpmeekipheeijimdpnlpgpp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\oeljdldpnmdbchonielidgobddfffla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ijmpgkjfkbfhoebgogflfebnmejmfbm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ilgcnhelpchnceeipipijaljkblbcob			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\gaedmjdfmmahhbjefcbgaolhhanlaolb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\flpiciilemghbmfalicajoolhkkenfe			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mcohilncbfahbmgdjkbpemcciiolgcge			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cpojfbodiccabbabgimdeohkkpjfpbnf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\places.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\oeljdldpnmdbchonielidgobddfffla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhbohimaelbohpjbbldcngcnapndodjp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hifafgmccdpekplomjjkcfgodnhcellj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ilgcnhelpchnceeipipijaljkblbcob			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kjmoohlgokccodicjjfebfomlbljgfhk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\imloifkgjagghnncjkhggdhalmcnfklk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ppbibelpcjmhbdihakflkdcoccbgbkpo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onhogfjeacnfoofkfgppdlbmlmnplgbn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\loinekcabhlmhjjbocijdoimmejangoa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhhhlbepdkbapadjdnnojkbgioiodbic			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\heefohaffomkkkphnlpohglngmbcclhi			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jbdaocneiiinmjbjlgalhcelgbejmnid			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lodccjjbdhfakaekdiahmedfbieldgik			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlgbhdfgdhgbiamfdfmbikcdghidoadd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\logins.json			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jiidiaalihmmhddjgbnbgdfflelocpak			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dlcobpjiigpikoobohmabehhmhfoodbb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bcopgchhojmggmffilplmbdicgaihlkp			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cert9.db			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\opcgpfmipidbgpenhmajoajpbobppdil			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jnlgamecbpmbajjfhmmmlhejkemejdma			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fhmfendgdocmcbmfikdcogofphimnkno			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\infeboajgfhgbjpjbeppbkgnabfdkdaf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kkpllkodjeloidieedojogacfhpaihoh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\prefs.js			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pioclpoplcdbaefihamjohnefbikjilc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ocjdpmoallmgmjbbogfiiaofphbjgchh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnmamaachppnkjgnildpdmkaakejnhae			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejbalbakoplchlghecdalmeeeajnimhm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cnncmdhjacpkmjmkcafchppbnpnhdmon			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nknhiehlklippafakaeklbeglecifhad			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jgaaimajipbpdogpdglhaphldakikgef			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\cookies.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\afbcbjpbpfadlkmhmclhkeeodmamcflc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\formhistory.sqlite			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cihmoadaighcejopammfbmddcmdekcje			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\phkbamefinggmakgklpkljjmgibohnba			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mnfifefkajgofkcjkemidiaecocnkjeh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fcfcfllfndlomdhbehjjcoimbgofdncg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\acmacodkjbdgmoleebolmdjonilkdbch			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lgmpcpglpngdoalbgeoldeajfclnhafa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\idnnbdplmphpflfnlkomgpfbpcgelopg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lpfcbjknijpeeillifnkikgncikgfhdo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aflkmfhebedbjioipglgcbcmnbpgliof			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fijngjgcjhjmmpcmkeiomlglpeiijkld			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\efbglgofoippbgcjepnhiblaibcnclgk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\onofpnbbkehpmmoabgpcpmigafmmnjh			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeblfdkhhhdcdjpifhhbdiojplfjncoa			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ejjladinnckdgjemekebdpeokbikhfci			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ojggmchlghnjlapmfbnjholfjkiidbch			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkcjlnjfpbikmcmbachjpdbijejflpcm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\091tobv5.default-release\key4.db			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dmkamcknogkgcdfhhbddcghachkejeap			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ibnejdfjmmkpcnlpebklmnkoeoihofec			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jojhfeoedkpkglbfimdfabpdfjaoolaf			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mkpegjkblkkefacfnmkajcjmabijhclg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ookjlbkiijinhpmnjffcofjonbfbgaoc			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nngceckbapebfimnlniiiahkandclblb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dkdedlpgdmmkkfjabffeganieamfklkm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aholpfdialjgjfhomihkjbmgjidlcdno			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data For Account			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\dngmlblcodfobpdpecaadgfbcggfjfnm			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\klnaejjgbibmhlephnhpmaofohgkpgkd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kppfdiipphfccemcignhifpjkapfbihd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hdokiejnpimakedhajhdlcegeplioahd			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mmmjbcfofconkannjonfmjjajpllddbg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\egjidjbpglichdcondbcbdnbeeppgdph			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ffnbelfdoeiohenkjibnmadjiehjhajb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\anokgmphncpekkhclmingpimjmcooifb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aeachknmefphepccionboohckonoeemg			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hcflpincpppdclinealmandijcmnkbgn			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bfnaelmomeimhlpmgjnjophhpkkoljpa			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPInfo			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPRush			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPbox			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Conceptworld\Notezilla			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\ProgramData\SiteDesigner\3D-FTP			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\FTPGetter			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Directory queried: C:\Users\user\Documents\NVWZAPQSQL			Jump to behavior

Source: Yara match	File source: 00000001.00000003.1471938676.0000000000B6E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7804, type: MEMORYSTR

Remote Access Functionality

Source: Yara match	File source: Process Memory Space: file.exe PID: 7804, type: MEMORYSTR
Source: Yara match	File source: sslproxydump.pcap, type: PCAP