Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1561392
MD5: e29592877c28430510ef200ea5e9257b
SHA1: c7d17b2f2ea1cb28c450eb232c278b94a9a6f453
SHA256: 2398510a1839ec4b89e7c3cd91f56c9235165f8d081d633ae0913a43508afb56
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Suricata IDS alerts for network traffic
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.33.116:443 -> 192.168.2.4:49730 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [eax], bl 0_2_00CACF05
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx eax, byte ptr [esp+esi+000001E8h] 0_2_00CAE0D8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_00CDF8D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edi, eax 0_2_00CDF8D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, eax 0_2_00CDB8E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00CDB8E0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+14h] 0_2_00CA98F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh 0_2_00CDC040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], C18BC4BAh 0_2_00CDC040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], 6DBC3610h 0_2_00CDC040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [esi+edx*8], 98D5A07Fh 0_2_00CDC040
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push eax 0_2_00CDB860
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_00CC0870
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00CAC02B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+edx+14h] 0_2_00CAE970
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_00CAEA38
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-65h] 0_2_00CAE35B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edi*8], 4C697C35h 0_2_00CDBCE0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov edx, ecx 0_2_00CABC9D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ebp 0_2_00CA5C90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ebp 0_2_00CA5C90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], cl 0_2_00CC8CB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx] 0_2_00CAAD00
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [edi] 0_2_00CC5E90
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [eax+ecx+00008F12h] 0_2_00CA77D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [ebp+ebx*4+00h], ax 0_2_00CA77D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-58FA0F6Ch] 0_2_00CE0F60

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.33.116:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.33.116:443
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.21.33.116 104.21.33.116
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.33.116:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.33.116:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: property-imper.sbs
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: property-imper.sbs
Source: file.exe, 00000000.00000003.1737827142.0000000001735000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737647438.00000000016CC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738807229.0000000001735000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738682167.00000000016CC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/
Source: file.exe, 00000000.00000003.1737827142.0000000001735000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738807229.0000000001735000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/Y
Source: file.exe, 00000000.00000003.1737827142.0000000001735000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000003.1737862960.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737647438.00000000016D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738682167.00000000016DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/apis0
Source: file.exe, 00000000.00000003.1737827142.0000000001735000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/apit
Source: file.exe, 00000000.00000003.1737862960.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737647438.00000000016D8000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/apivRx
Source: file.exe, 00000000.00000003.1737647438.00000000016C3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs:443/api
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown HTTPS traffic detected: 104.21.33.116:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD9030 0_2_00CD9030
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA89A0 0_2_00CA89A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CACF05 0_2_00CACF05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAE0D8 0_2_00CAE0D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDF8D0 0_2_00CDF8D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDB8E0 0_2_00CDB8E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA98F0 0_2_00CA98F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA6840 0_2_00CA6840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDC040 0_2_00CDC040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3707D 0_2_00F3707D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 0_2_00E67071
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0870 0_2_00CC0870
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6C005 0_2_00E6C005
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD41D0 0_2_00CD41D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E711D8 0_2_00E711D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA61A0 0_2_00CA61A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAE970 0_2_00CAE970
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA5AC9 0_2_00CA5AC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA4AC0 0_2_00CA4AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6024D 0_2_00E6024D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA9210 0_2_00CA9210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAB210 0_2_00CAB210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D5623B 0_2_00D5623B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA2B80 0_2_00CA2B80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E68BB1 0_2_00E68BB1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E72BB8 0_2_00E72BB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6538B 0_2_00E6538B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBFB60 0_2_00CBFB60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CBDB30 0_2_00CBDB30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA6CC0 0_2_00CA6CC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA94D0 0_2_00CA94D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD24E0 0_2_00CD24E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE0C80 0_2_00CE0C80
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA5C90 0_2_00CA5C90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DF74BA 0_2_00DF74BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC8CB0 0_2_00CC8CB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F41443 0_2_00F41443
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA542C 0_2_00CA542C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E645C1 0_2_00E645C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA3580 0_2_00CA3580
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE1580 0_2_00CE1580
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC3D70 0_2_00CC3D70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CAAD00 0_2_00CAAD00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CB9530 0_2_00CB9530
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DA0E9C 0_2_00DA0E9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC5E90 0_2_00CC5E90
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D3F68E 0_2_00D3F68E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D13EBA 0_2_00D13EBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E74672 0_2_00E74672
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC0650 0_2_00CC0650
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D7AE75 0_2_00D7AE75
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6A631 0_2_00E6A631
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E0BE01 0_2_00E0BE01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC7E20 0_2_00CC7E20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA77D0 0_2_00CA77D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CA27D0 0_2_00CA27D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00DEDFF2 0_2_00DEDFF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDC780 0_2_00CDC780
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E5E7AA 0_2_00E5E7AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC1790 0_2_00CC1790
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00D73FB0 0_2_00D73FB0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E6DF93 0_2_00E6DF93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD87B0 0_2_00CD87B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CE0F60 0_2_00CE0F60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CC8770 0_2_00CC8770
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9993532274590164
Source: file.exe Static PE information: Section: vuvdaqae ZLIB complexity 0.9946617318802521
Source: classification engine Classification label: mal100.evad.winEXE@1/0@1/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD27B0 CoCreateInstance, 0_2_00CD27B0
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1877504 > 1048576
Source: file.exe Static PE information: Raw size of vuvdaqae is bigger than: 0x100000 < 0x1a0800

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.ca0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;vuvdaqae:EW;qpdcndsl:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;vuvdaqae:EW;qpdcndsl:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1ccdd4 should be: 0x1d9e48
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: vuvdaqae
Source: file.exe Static PE information: section name: qpdcndsl
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E7A0FC push esi; mov dword ptr [esp], ebp 0_2_00E7A136
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F010EE push eax; mov dword ptr [esp], edx 0_2_00F0114E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E9D0C4 push 4378EB7Eh; mov dword ptr [esp], esi 0_2_00E9D100
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F670C5 push 35EC00CDh; mov dword ptr [esp], ecx 0_2_00F67160
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEB0DB push eax; mov dword ptr [esp], 78A957C9h 0_2_00EEB0FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EEB0DB push ecx; mov dword ptr [esp], ebx 0_2_00EEB1AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F1B8B3 push eax; mov dword ptr [esp], ebp 0_2_00F1BA7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push eax; mov dword ptr [esp], esi 0_2_00E090D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push eax; mov dword ptr [esp], ecx 0_2_00E09121
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push eax; mov dword ptr [esp], ecx 0_2_00E091D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push edi; mov dword ptr [esp], esi 0_2_00E0920A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push 359913BDh; mov dword ptr [esp], ebx 0_2_00E09246
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E090BF push 2ADA9FEDh; mov dword ptr [esp], ebx 0_2_00E09283
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE6892 push ecx; mov dword ptr [esp], 3CD748F4h 0_2_00EE69D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3707D push ecx; mov dword ptr [esp], edi 0_2_00F370AB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3707D push eax; mov dword ptr [esp], 6EFC2229h 0_2_00F370D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3707D push ebx; mov dword ptr [esp], edi 0_2_00F37101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00F3707D push 738C5FC0h; mov dword ptr [esp], ebx 0_2_00F37199
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push esi; mov dword ptr [esp], 4F6FD2F6h 0_2_00E6712C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 641B2DB5h; mov dword ptr [esp], edx 0_2_00E67179
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push esi; mov dword ptr [esp], ecx 0_2_00E6719A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 1D3AE468h; mov dword ptr [esp], edi 0_2_00E671C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 1CD8799Dh; mov dword ptr [esp], edi 0_2_00E67210
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push edi; mov dword ptr [esp], ebx 0_2_00E67276
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 5770A9EBh; mov dword ptr [esp], eax 0_2_00E67281
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 7F7570ABh; mov dword ptr [esp], eax 0_2_00E67297
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push edx; mov dword ptr [esp], ebx 0_2_00E672B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 54140284h; mov dword ptr [esp], ecx 0_2_00E672C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 033B1C6Dh; mov dword ptr [esp], ecx 0_2_00E67305
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push 5AA72A21h; mov dword ptr [esp], edi 0_2_00E67326
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00E67071 push ebp; mov dword ptr [esp], edi 0_2_00E673A4
Source: file.exe Static PE information: section name: entropy: 7.979365342049581
Source: file.exe Static PE information: section name: vuvdaqae entropy: 7.9527469684444645

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7A184 second address: E7A18A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7A18A second address: E7A190 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79507 second address: E7950D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7950D second address: E79511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79511 second address: E79515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79659 second address: E7965F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7965F second address: E79674 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7ECD1EBC16h 0x0000000a jo 00007F7ECD1EBC16h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79674 second address: E79678 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79678 second address: E79698 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a jmp 00007F7ECD1EBC22h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79698 second address: E796A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7ECC821F76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E79828 second address: E7982E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7999D second address: E799B6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F7ECC821F81h 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C1A4 second address: E7C21D instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jg 00007F7ECD1EBC16h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f jmp 00007F7ECD1EBC25h 0x00000014 mov dword ptr [ebp+122D3627h], esi 0x0000001a push 00000000h 0x0000001c or dword ptr [ebp+122D1B51h], esi 0x00000022 call 00007F7ECD1EBC19h 0x00000027 pushad 0x00000028 jns 00007F7ECD1EBC2Fh 0x0000002e jl 00007F7ECD1EBC18h 0x00000034 pushad 0x00000035 popad 0x00000036 popad 0x00000037 push eax 0x00000038 push eax 0x00000039 jp 00007F7ECD1EBC18h 0x0000003f pushad 0x00000040 popad 0x00000041 pop eax 0x00000042 mov eax, dword ptr [esp+04h] 0x00000046 push eax 0x00000047 push edx 0x00000048 push eax 0x00000049 push edx 0x0000004a push ebx 0x0000004b pop ebx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C21D second address: E7C227 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C227 second address: E7C23B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECD1EBC20h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C23B second address: E7C24A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C459 second address: E7C477 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 1A4D2E08h 0x0000000d mov dword ptr [ebp+122D1BBBh], edx 0x00000013 lea ebx, dword ptr [ebp+12453028h] 0x00000019 xchg eax, ebx 0x0000001a push edi 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C4CB second address: E7C4D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C4D0 second address: E7C4D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C4D6 second address: E7C52C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F7ECC821F78h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000017h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov esi, dword ptr [ebp+122D37E0h] 0x0000002a push 00000000h 0x0000002c call 00007F7ECC821F81h 0x00000031 push edx 0x00000032 movsx edi, bx 0x00000035 pop edx 0x00000036 pop edx 0x00000037 push 7C53F9B8h 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f jo 00007F7ECC821F76h 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7C52C second address: E7C5AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7ECD1EBC22h 0x0000000b popad 0x0000000c xor dword ptr [esp], 7C53F938h 0x00000013 mov esi, dword ptr [ebp+122D3804h] 0x00000019 push 00000003h 0x0000001b mov edi, dword ptr [ebp+122D36DCh] 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push esi 0x00000026 call 00007F7ECD1EBC18h 0x0000002b pop esi 0x0000002c mov dword ptr [esp+04h], esi 0x00000030 add dword ptr [esp+04h], 0000001Ah 0x00000038 inc esi 0x00000039 push esi 0x0000003a ret 0x0000003b pop esi 0x0000003c ret 0x0000003d call 00007F7ECD1EBC1Eh 0x00000042 mov edi, ecx 0x00000044 pop esi 0x00000045 mov edi, edx 0x00000047 mov ecx, 63C36598h 0x0000004c push 00000003h 0x0000004e mov edi, dword ptr [ebp+122D1819h] 0x00000054 call 00007F7ECD1EBC19h 0x00000059 push ecx 0x0000005a pushad 0x0000005b push eax 0x0000005c pop eax 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B703 second address: E9B714 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECC821F7Bh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B9A7 second address: E9B9AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B9AF second address: E9B9B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B9B3 second address: E9B9B7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9B9B7 second address: E9B9BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BC44 second address: E9BC54 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnp 00007F7ECD1EBC16h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BC54 second address: E9BC58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BC58 second address: E9BC86 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC23h 0x00000007 jnp 00007F7ECD1EBC16h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 jbe 00007F7ECD1EBC32h 0x00000017 push ebx 0x00000018 jnc 00007F7ECD1EBC16h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BC86 second address: E9BC8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BDE4 second address: E9BDEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BDEB second address: E9BE00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECC821F7Fh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BF68 second address: E9BF73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F7ECD1EBC16h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BF73 second address: E9BF79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9BF79 second address: E9BF98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECD1EBC22h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F7ECD1EBC16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C25A second address: E9C261 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C608 second address: E9C611 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C611 second address: E9C615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9C615 second address: E9C627 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jns 00007F7ECD1EBC16h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E9D610 second address: E9D616 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA2FDB second address: EA2FDF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA2FDF second address: EA2FF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7ECC821F7Bh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA36E5 second address: EA36EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA73BC second address: EA73CC instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA73CC second address: EA73D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA73D0 second address: EA73E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F81h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EA7966 second address: EA7988 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECD1EBC28h 0x00000009 popad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAAB0D second address: EAAB2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F86h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAAB2F second address: EAAB33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A0FF second address: E6A105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6A105 second address: E6A109 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC86B second address: EAC871 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC871 second address: EAC875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EACC00 second address: EACC06 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EACC06 second address: EACC2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b jmp 00007F7ECD1EBC26h 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EACC2E second address: EACC32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EACEE7 second address: EACEEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EACEEB second address: EACEF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAF813 second address: EAF819 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB2334 second address: EB23A9 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7ECC821F7Fh 0x00000010 push esi 0x00000011 pop esi 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jc 00007F7ECC821F78h 0x0000001c pushad 0x0000001d popad 0x0000001e pop edx 0x0000001f nop 0x00000020 jp 00007F7ECC821F7Ch 0x00000026 mov esi, dword ptr [ebp+122D3658h] 0x0000002c push 00000000h 0x0000002e jmp 00007F7ECC821F82h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push ecx 0x00000038 call 00007F7ECC821F78h 0x0000003d pop ecx 0x0000003e mov dword ptr [esp+04h], ecx 0x00000042 add dword ptr [esp+04h], 00000016h 0x0000004a inc ecx 0x0000004b push ecx 0x0000004c ret 0x0000004d pop ecx 0x0000004e ret 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push esi 0x00000053 ja 00007F7ECC821F76h 0x00000059 pop esi 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB2F25 second address: EB2F33 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB2F33 second address: EB2F37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB3704 second address: EB370A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7A79 second address: EB7A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB7A7E second address: EB7A83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6B7A second address: EB6B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6B7E second address: EB6C1F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC26h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push eax 0x0000000f call 00007F7ECD1EBC18h 0x00000014 pop eax 0x00000015 mov dword ptr [esp+04h], eax 0x00000019 add dword ptr [esp+04h], 00000015h 0x00000021 inc eax 0x00000022 push eax 0x00000023 ret 0x00000024 pop eax 0x00000025 ret 0x00000026 push dword ptr fs:[00000000h] 0x0000002d sbb di, 1EA0h 0x00000032 movzx ebx, cx 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push esi 0x0000003f call 00007F7ECD1EBC18h 0x00000044 pop esi 0x00000045 mov dword ptr [esp+04h], esi 0x00000049 add dword ptr [esp+04h], 0000001Dh 0x00000051 inc esi 0x00000052 push esi 0x00000053 ret 0x00000054 pop esi 0x00000055 ret 0x00000056 mov ebx, dword ptr [ebp+122D38D0h] 0x0000005c mov eax, dword ptr [ebp+122D14BDh] 0x00000062 mov di, B17Bh 0x00000066 push FFFFFFFFh 0x00000068 mov ebx, dword ptr [ebp+122D307Eh] 0x0000006e nop 0x0000006f ja 00007F7ECD1EBC1Eh 0x00000075 push eax 0x00000076 push eax 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB6C1F second address: EB6C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8C97 second address: EB8C9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9BCB second address: EB9BD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBAA12 second address: EBAA16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8C9B second address: EB8CA1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9BD0 second address: EB9C4C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7ECD1EBC18h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push esi 0x0000000f pushad 0x00000010 popad 0x00000011 pop esi 0x00000012 pop eax 0x00000013 nop 0x00000014 push ebx 0x00000015 sub bl, 00000071h 0x00000018 pop edi 0x00000019 push dword ptr fs:[00000000h] 0x00000020 mov ebx, dword ptr [ebp+122D3748h] 0x00000026 mov dword ptr fs:[00000000h], esp 0x0000002d push edi 0x0000002e mov edi, dword ptr [ebp+122D1FFEh] 0x00000034 pop ebx 0x00000035 mov eax, dword ptr [ebp+122D0605h] 0x0000003b push 00000000h 0x0000003d push edx 0x0000003e call 00007F7ECD1EBC18h 0x00000043 pop edx 0x00000044 mov dword ptr [esp+04h], edx 0x00000048 add dword ptr [esp+04h], 0000001Ah 0x00000050 inc edx 0x00000051 push edx 0x00000052 ret 0x00000053 pop edx 0x00000054 ret 0x00000055 mov di, 9C07h 0x00000059 push FFFFFFFFh 0x0000005b mov dword ptr [ebp+122D1FFEh], edi 0x00000061 nop 0x00000062 push eax 0x00000063 push edx 0x00000064 push edx 0x00000065 jmp 00007F7ECD1EBC1Eh 0x0000006a pop edx 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB9C4C second address: EB9C73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F7ECC821F7Eh 0x00000008 push esi 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jp 00007F7ECC821F76h 0x00000017 jg 00007F7ECC821F76h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EB8D4A second address: EB8D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB76E second address: EBB772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB772 second address: EBB7C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 mov dword ptr [esp], eax 0x0000000a or bx, 21FAh 0x0000000f xor edi, 02E70255h 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+12450835h], eax 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F7ECD1EBC18h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000018h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 pushad 0x0000003a mov cx, bx 0x0000003d movsx eax, di 0x00000040 popad 0x00000041 mov bh, 06h 0x00000043 xchg eax, esi 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 push esi 0x00000048 pop esi 0x00000049 jp 00007F7ECD1EBC16h 0x0000004f popad 0x00000050 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB7C8 second address: EBB7E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jbe 00007F7ECC821F76h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jl 00007F7ECC821F7Ch 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB7E1 second address: EBB7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBC740 second address: EBC754 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F80h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBB9C8 second address: EBB9CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBC922 second address: EBC926 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBC926 second address: EBC92A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFE5B second address: EBFE77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 popad 0x00000008 nop 0x00000009 push 00000000h 0x0000000b mov ebx, esi 0x0000000d push 00000000h 0x0000000f mov bl, 28h 0x00000011 xchg eax, esi 0x00000012 push eax 0x00000013 push edx 0x00000014 js 00007F7ECC821F7Ch 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFE77 second address: EBFE7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFE7B second address: EBFE81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFE81 second address: EBFE9F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F7ECD1EBC23h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFE9F second address: EBFEA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBF076 second address: EBF07A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0E3A second address: EC0E50 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jne 00007F7ECC821F78h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFFEE second address: EBFFF7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBF07A second address: EBF080 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0E50 second address: EC0E56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EBFFF7 second address: EC0008 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push eax 0x00000007 jl 00007F7ECC821F80h 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0E56 second address: EC0E5A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0E5A second address: EC0ECC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov edi, dword ptr [ebp+122D38DCh] 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push edi 0x00000014 call 00007F7ECC821F78h 0x00000019 pop edi 0x0000001a mov dword ptr [esp+04h], edi 0x0000001e add dword ptr [esp+04h], 00000017h 0x00000026 inc edi 0x00000027 push edi 0x00000028 ret 0x00000029 pop edi 0x0000002a ret 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F7ECC821F78h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 00000018h 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov edi, dword ptr [ebp+122D3740h] 0x0000004d xchg eax, esi 0x0000004e push eax 0x0000004f push edx 0x00000050 push edi 0x00000051 jmp 00007F7ECC821F85h 0x00000056 pop edi 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC0ECC second address: EC0ED1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC2E1D second address: EC2E33 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jns 00007F7ECC821F78h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5192 second address: EC5198 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EC5198 second address: EC519C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E66B46 second address: E66B4B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECDA19 second address: ECDA3C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7ECC821F7Fh 0x00000010 jnl 00007F7ECC821F76h 0x00000016 pushad 0x00000017 popad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ECDD0F second address: ECDD19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0F80 second address: ED0F86 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0F86 second address: ED0F90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED0F90 second address: ED0F94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED1035 second address: ED1044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F7ECD1EBC16h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED1044 second address: ED1048 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED114E second address: ED1161 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC1Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED4542 second address: ED4546 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED9565 second address: ED9571 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F7ECD1EBC16h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED9571 second address: ED9590 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F7ECC821F80h 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E686FF second address: E6872F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7ECD1EBC1Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F7ECD1EBC25h 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E6872F second address: E68735 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E68735 second address: E68739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8849 second address: ED884D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8B14 second address: ED8B3E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC1Dh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7ECD1EBC1Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 jbe 00007F7ECD1EBC16h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8B3E second address: ED8B42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8C7C second address: ED8C92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F7ECD1EBC20h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8DD5 second address: ED8DD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8DD9 second address: ED8DE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8DE4 second address: ED8E0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007F7ECC821F7Fh 0x00000012 jmp 00007F7ECC821F7Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8E0F second address: ED8E19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8E19 second address: ED8E1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED8E1F second address: ED8E26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED9273 second address: ED9277 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED9277 second address: ED9298 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 jmp 00007F7ECD1EBC27h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ED9298 second address: ED92A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7ECC821F76h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB32C second address: EAB363 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7ECD1EBC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d mov dword ptr [ebp+122D1A0Ch], ecx 0x00000013 lea eax, dword ptr [ebp+124820D8h] 0x00000019 movzx edi, si 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F7ECD1EBC28h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB4CF second address: EAB4D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB8B2 second address: EAB8C5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7ECD1EBC18h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB8C5 second address: EAB8CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB8CB second address: EAB8D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAB8D5 second address: EAB8D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EABAFE second address: EABB04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EABB04 second address: EABB43 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], esi 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F7ECC821F78h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Dh 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov cx, 3921h 0x0000002d push eax 0x0000002e pushad 0x0000002f pushad 0x00000030 push ebx 0x00000031 pop ebx 0x00000032 push eax 0x00000033 push edx 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EABB43 second address: EABB50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F7ECD1EBC16h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAC20E second address: EAC214 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF280 second address: EDF2A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F7ECD1EBC1Eh 0x00000011 push edx 0x00000012 pop edx 0x00000013 ja 00007F7ECD1EBC16h 0x00000019 je 00007F7ECD1EBC18h 0x0000001f push eax 0x00000020 pop eax 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF2A1 second address: EDF2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F83h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a pop eax 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF414 second address: EDF418 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF418 second address: EDF41C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF41C second address: EDF422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF5A1 second address: EDF5A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF5A5 second address: EDF5C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7ECD1EBC24h 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF863 second address: EDF890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F7ECC821F76h 0x00000009 jl 00007F7ECC821F76h 0x0000000f popad 0x00000010 jmp 00007F7ECC821F81h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jl 00007F7ECC821F92h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDF890 second address: EDF894 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EDFB84 second address: EDFB95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F7ECC821F76h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE46D6 second address: EE46DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE46DC second address: EE46E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE46E2 second address: EE470D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC1Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F7ECD1EBC27h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4862 second address: EE488B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F7ECC821F85h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F7ECC821F7Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE488B second address: EE488F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE49C9 second address: EE49DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 je 00007F7ECC821F78h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE49DA second address: EE49DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4B1C second address: EE4B22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4B22 second address: EE4B26 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4B26 second address: EE4B30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4CA5 second address: EE4CAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4CAB second address: EE4CCF instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7ECC821F86h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE4E4C second address: EE4E50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE5144 second address: EE5151 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jbe 00007F7ECC821F76h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE52AD second address: EE52B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push edx 0x00000007 pop edx 0x00000008 pop esi 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE542F second address: EE5465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F88h 0x00000007 jmp 00007F7ECC821F80h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e je 00007F7ECC821F7Eh 0x00000014 push esi 0x00000015 pop esi 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EE5465 second address: EE547C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECD1EBC1Fh 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB30B second address: EEB32E instructions: 0x00000000 rdtsc 0x00000002 jg 00007F7ECC821F78h 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b jng 00007F7ECC821F76h 0x00000011 jno 00007F7ECC821F76h 0x00000017 pop esi 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push eax 0x0000001c push edx 0x0000001d jo 00007F7ECC821F76h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB873 second address: EEB87D instructions: 0x00000000 rdtsc 0x00000002 js 00007F7ECD1EBC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB87D second address: EEB8C0 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7ECC821F7Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 jmp 00007F7ECC821F89h 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F7ECC821F81h 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEB8C0 second address: EEB8C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEAE88 second address: EEAE92 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F7ECC821F76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEAE92 second address: EEAE96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEAE96 second address: EEAED3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECC821F88h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007F7ECC821F88h 0x00000014 push esi 0x00000015 pop esi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEAED3 second address: EEAEE5 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7ECD1EBC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEBBCD second address: EEBBDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F7ECC821F7Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EEC19D second address: EEC1A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5526 second address: EF5549 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F86h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a js 00007F7ECC821F76h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5549 second address: EF554F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF554F second address: EF5555 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF5555 second address: EF556D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push esi 0x00000007 jmp 00007F7ECD1EBC1Dh 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF556D second address: EF5571 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4E8C second address: EF4E96 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7ECD1EBC16h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4FF4 second address: EF4FFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF4FFB second address: EF5000 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EF759A second address: EF75D3 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F7ECC821F78h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007F7ECC821F7Ch 0x00000014 jbe 00007F7ECC821F8Fh 0x0000001a jmp 00007F7ECC821F87h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFE47F second address: EFE485 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFE485 second address: EFE48B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EABF54 second address: EABF5A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EABF5A second address: EABF61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFD702 second address: EFD716 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7ECD1EBC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e jbe 00007F7ECD1EBC16h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFD716 second address: EFD71C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFD71C second address: EFD722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EFD722 second address: EFD728 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F014F6 second address: F0152B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7ECD1EBC1Ch 0x00000008 jnl 00007F7ECD1EBC26h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ebx 0x00000012 jp 00007F7ECD1EBC16h 0x00000018 pushad 0x00000019 popad 0x0000001a pop ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0152B second address: F0152F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F00D53 second address: F00D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F05408 second address: F0540E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F047DA second address: F047DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04AF6 second address: F04AFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04AFA second address: F04AFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04C34 second address: F04C3C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04C3C second address: F04C5E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jng 00007F7ECD1EBC16h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jbe 00007F7ECD1EBC33h 0x00000012 jmp 00007F7ECD1EBC1Dh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F04C5E second address: F04C64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0E39C second address: F0E3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0E3A0 second address: F0E3BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F7Fh 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0E3BA second address: F0E3CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jns 00007F7ECD1EBC18h 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F7ECD1EBC16h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0C623 second address: F0C62C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0C746 second address: F0C757 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F7ECD1EBC16h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0C757 second address: F0C7A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECC821F81h 0x00000009 jnl 00007F7ECC821F76h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 jl 00007F7ECC821F76h 0x0000001d jmp 00007F7ECC821F82h 0x00000022 popad 0x00000023 jnp 00007F7ECC821F84h 0x00000029 push edi 0x0000002a pop edi 0x0000002b jmp 00007F7ECC821F7Ch 0x00000030 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CA5A second address: F0CA73 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7ECD1EBC22h 0x00000008 push ebx 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CCE0 second address: F0CCEA instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CCEA second address: F0CCF1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CCF1 second address: F0CCFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jnc 00007F7ECC821F76h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CFDC second address: F0CFF9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F7ECD1EBC20h 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CFF9 second address: F0CFFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0CFFF second address: F0D00F instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7ECD1EBC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D26E second address: F0D285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007F7ECC821F7Dh 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D285 second address: F0D293 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D293 second address: F0D29A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D29A second address: F0D2A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D2A0 second address: F0D2C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7ECC821F87h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D2C1 second address: F0D2C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D7F7 second address: F0D804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0D804 second address: F0D80D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0DE32 second address: F0DE3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F0E0E8 second address: F0E0EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1159D second address: F115AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7ECC821F76h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F115AA second address: F115B4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7ECD1EBC1Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F115B4 second address: F115D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jl 00007F7ECC821F76h 0x0000000b jmp 00007F7ECC821F7Eh 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F115D6 second address: F115DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F115DA second address: F115FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F7ECC821F85h 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F115FB second address: F11602 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F11996 second address: F1199A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1199A second address: F119C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F7ECD1EBC2Fh 0x0000000c push eax 0x0000000d jne 00007F7ECD1EBC1Ch 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F119C8 second address: F119D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F16B79 second address: F16B8C instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7ECD1EBC16h 0x00000008 jo 00007F7ECD1EBC16h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F16B8C second address: F16BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECC821F80h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F19959 second address: F1995D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1995D second address: F19961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F19961 second address: F19974 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F7ECD1EBC18h 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F19974 second address: F1997A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F1997A second address: F19980 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F232EB second address: F232F5 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F7ECC821F76h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2149B second address: F2149F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2149F second address: F214E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F7ECC821F81h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007F7ECC821F7Ch 0x00000011 jnl 00007F7ECC821F84h 0x00000017 popad 0x00000018 ja 00007F7ECC821F84h 0x0000001e jl 00007F7ECC821F7Eh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21A4F second address: F21A61 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jno 00007F7ECD1EBC16h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21A61 second address: F21A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edi 0x00000007 pop edi 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21A6D second address: F21A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21A74 second address: F21A7E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7ECC821F7Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21D68 second address: F21D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECD1EBC1Fh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21D7C second address: F21D9F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F7ECC821F81h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F7ECC821F86h 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2207C second address: F22080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F22080 second address: F220B8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7ECC821F76h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F7ECC821F7Eh 0x00000012 jng 00007F7ECC821F76h 0x00000018 pushad 0x00000019 popad 0x0000001a pushad 0x0000001b jmp 00007F7ECC821F89h 0x00000020 pushad 0x00000021 popad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F220B8 second address: F220DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 jmp 00007F7ECD1EBC28h 0x0000000c pushad 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F22227 second address: F2222B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2222B second address: F22245 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edx 0x0000000a pop edx 0x0000000b jmp 00007F7ECD1EBC1Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2238E second address: F2239C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7ECC821F78h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2239C second address: F223A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F223A6 second address: F223AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F22AC2 second address: F22AC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2101D second address: F21024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F21024 second address: F21040 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECD1EBC28h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F28EB9 second address: F28EBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2893E second address: F2895A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F7ECD1EBC16h 0x0000000a popad 0x0000000b jmp 00007F7ECD1EBC1Dh 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F2895A second address: F2895E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32C37 second address: F32C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32C3B second address: F32C3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E74207 second address: E7420B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7420B second address: E7422F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7ECC821F76h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007F7ECC821F83h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32ABA second address: F32ABE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32ABE second address: F32ADE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F7ECC821F7Dh 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pop eax 0x00000012 jbe 00007F7ECC821F76h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32ADE second address: F32AF3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECD1EBC21h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F32AF3 second address: F32AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F390D5 second address: F390F0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F7ECD1EBC25h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F390F0 second address: F390FB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F7ECC821F76h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F390FB second address: F3910C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F7ECD1EBC16h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push edx 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F38C27 second address: F38C5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F7ECC821F7Dh 0x0000000c popad 0x0000000d pushad 0x0000000e jp 00007F7ECC821F76h 0x00000014 jmp 00007F7ECC821F89h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3BCCE second address: F3BCD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3BCD8 second address: F3BCE4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3BCE4 second address: F3BCEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F3BCEA second address: F3BCEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F447BA second address: F447DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7ECD1EBC16h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7ECD1EBC23h 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F447DB second address: F447EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F7Bh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4DE8A second address: F4DE90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F4DE90 second address: F4DEBE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F7ECC821F76h 0x00000008 jmp 00007F7ECC821F7Dh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push ebx 0x00000010 jmp 00007F7ECC821F7Dh 0x00000015 pop ebx 0x00000016 jc 00007F7ECC821F7Ch 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: E7278B second address: E72790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F50344 second address: F50351 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F7ECC821F76h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F50351 second address: F50359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F50359 second address: F50376 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7ECC821F81h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F50376 second address: F5037A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56E36 second address: F56E3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56E3E second address: F56E6A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F7ECD1EBC1Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F7ECD1EBC23h 0x00000016 push edi 0x00000017 pop edi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56E6A second address: F56E7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jnl 00007F7ECC821F7Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F55E70 second address: F55E82 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7ECD1EBC16h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c je 00007F7ECD1EBC16h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F55E82 second address: F55E8C instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F55E8C second address: F55E94 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F55E94 second address: F55E98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F5613E second address: F56144 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56144 second address: F56166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jmp 00007F7ECC821F7Bh 0x0000000a pushad 0x0000000b jmp 00007F7ECC821F7Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56B6E second address: F56B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F56B79 second address: F56B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7ECC821F76h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F683BB second address: F683DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F7ECD1EBC16h 0x0000000a jmp 00007F7ECD1EBC29h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F683DF second address: F683FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F7ECC821F7Eh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push edi 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F11 second address: F75F16 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F16 second address: F75F33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F7ECC821F81h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F33 second address: F75F3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F3D second address: F75F53 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7ECC821F76h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c je 00007F7ECC821F7Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F53 second address: F75F75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F7ECD1EBC28h 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F75F75 second address: F75F7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78DFE second address: F78E08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F7ECD1EBC16h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78E08 second address: F78E0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78E0C second address: F78E12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78E12 second address: F78E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jmp 00007F7ECC821F87h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F7ECC821F81h 0x00000018 jns 00007F7ECC821F76h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F78E4E second address: F78E52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E156 second address: F8E172 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F88h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E172 second address: F8E197 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F7ECD1EBC22h 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F7ECD1EBC1Fh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E197 second address: F8E1BB instructions: 0x00000000 rdtsc 0x00000002 ja 00007F7ECC821F76h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ebx 0x0000000d jne 00007F7ECC821F82h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E5BD second address: F8E5C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E5C3 second address: F8E5C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E5C8 second address: F8E5CD instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E726 second address: F8E745 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F7ECC821F7Eh 0x0000000a jmp 00007F7ECC821F7Ah 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E745 second address: F8E763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 jmp 00007F7ECD1EBC24h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F8E763 second address: F8E788 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F7ECC821F90h 0x0000000b jmp 00007F7ECC821F88h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F91497 second address: F9149B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F91760 second address: F917EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F7Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007F7ECC821F78h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 nop 0x00000013 mov edx, 509B6605h 0x00000018 mov edx, 15F55940h 0x0000001d push 00000004h 0x0000001f call 00007F7ECC821F81h 0x00000024 mov edx, esi 0x00000026 pop edx 0x00000027 call 00007F7ECC821F79h 0x0000002c jnc 00007F7ECC821F7Ah 0x00000032 push eax 0x00000033 jmp 00007F7ECC821F82h 0x00000038 mov eax, dword ptr [esp+04h] 0x0000003c jnp 00007F7ECC821F83h 0x00000042 mov eax, dword ptr [eax] 0x00000044 push ebx 0x00000045 push edi 0x00000046 push eax 0x00000047 pop eax 0x00000048 pop edi 0x00000049 pop ebx 0x0000004a mov dword ptr [esp+04h], eax 0x0000004e push eax 0x0000004f push edx 0x00000050 push eax 0x00000051 push edx 0x00000052 je 00007F7ECC821F76h 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F917EE second address: F917F4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F91A81 second address: F91A9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECC821F88h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92DCA second address: F92DF2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007F7ECD1EBC1Dh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F7ECD1EBC25h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92DF2 second address: F92DF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F92DF8 second address: F92DFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAF3F8 second address: EAF407 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7ECC821F7Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: EAF407 second address: EAF41B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7ECD1EBC20h 0x00000009 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EA4799 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: EA2DE5 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CFCA4D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: F2A3DC instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 4460 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3664 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.1738116282.0000000000E83000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.1737862960.00000000016DA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737647438.00000000016D8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1738682167.00000000016DB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1738116282.0000000000E83000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1738682167.00000000016A9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1737647438.00000000016A9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW@
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CDDF70 LdrInitializeThunk, 0_2_00CDDF70
Source: file.exe, file.exe, 00000000.00000002.1738116282.0000000000E83000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: KProgram Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1561392 Sample: file.exe Startdate: 23/11/2024 Architecture: WINDOWS Score: 100 10 property-imper.sbs 2->10 14 Suricata IDS alerts for network traffic 2->14 16 Antivirus / Scanner detection for submitted sample 2->16 18 Machine Learning detection for sample 2->18 20 2 other signatures 2->20 6 file.exe 2->6         started        signatures3 process4 dnsIp5 12 property-imper.sbs 104.21.33.116, 443, 49730, 49731 CLOUDFLARENETUS United States 6->12 22 Detected unpacking (changes PE section rights) 6->22 24 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->24 26 Tries to evade debugger and weak emulator (self modifying code) 6->26 28 4 other signatures 6->28 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.33.116
 property-imper.sbs United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
property-imper.sbs 104.21.33.116 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://property-imper.sbs/api false
    		high