Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1562846
MD5: 4e74078466a464a3e168f9a2c0a81a5d
SHA1: 7cec6570b1bc2688019354ddb0764c6fe606c10f
SHA256: fa3ce4c12cf5e9a03a82dca680308e69d0d6ef4eda47b9cda5b04636a7ae7e30
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for domain / URL
Suricata IDS alerts for network traffic
AI detected suspicious sample
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Detected potential crypto function
Entry point lies outside standard sections
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
Antivirus detection for URL or domain
Source: https://occupy-blushi.sbs/apiU= Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs:443/apiO Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/5 Avira URL Cloud: Label: malware
Multi AV Scanner detection for domain / URL
Source: https://occupy-blushi.sbs:443/apiO Virustotal: Detection: 10% Perma Link
Source: https://property-imper.sbs:443/apif Virustotal: Detection: 10% Perma Link
Source: https://occupy-blushi.sbs/5 Virustotal: Detection: 12% Perma Link
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown HTTPS traffic detected: 104.21.7.169:443 -> 192.168.2.4:49730 version: TLS 1.2
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esp+eax-63695966h] 0_2_00A3C110
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, cx 0_2_00A68440
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov al, 01h 0_2_00A6DF42
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax] 0_2_00A580FF
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+30h] 0_2_00A4B0C3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6F0D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [esi+edx] 0_2_00A5A190
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, edx 0_2_00A5719F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+edx+000000E8h] 0_2_00A3F1F6
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6F1F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6F2D0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edi] 0_2_00A5D38F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edi] 0_2_00A5D398
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00A4B3E1
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp al, 2Eh 0_2_00A56369
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push 00000000h 0_2_00A58498
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h] 0_2_00A4649B
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebp, eax 0_2_00A36410
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [ebx+eax+2D31F2E0h] 0_2_00A3B46C
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_00A5B472
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], al 0_2_00A5B472
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00A4C5A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [esi], cx 0_2_00A4C5A0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], 845FA972h 0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax+04h] 0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edi+esi*8], 1B6183F2h 0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 8869E8E9h 0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then push 00000000h 0_2_00A58530
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [eax+edx] 0_2_00A4E690
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6F690
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00A3B63A
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ecx+edi*8], 484CE391h 0_2_00A707F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_00A5C7F9
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebp+esi*8+00h], E6C7F7C6h 0_2_00A6B7C0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, byte ptr [esi+eax-4A2D609Fh] 0_2_00A5D8BE
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h] 0_2_00A46882
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax-000000ADh] 0_2_00A46882
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h 0_2_00A51890
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [edx] 0_2_00A658F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [esi], al 0_2_00A4B804
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], cl 0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, ecx 0_2_00A469B8
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ecx, word ptr [esp+0Ch] 0_2_00A4C9F0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+eax-4A2D609Fh] 0_2_00A5D9C3
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+eax+34h] 0_2_00A459CA
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [ebx], cl 0_2_00A5DAB4
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ecx, eax 0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov word ptr [eax], cx 0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [edx+ecx*8], 4F699CD4h 0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebp, word ptr [eax] 0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov ebx, dword ptr [edi+04h] 0_2_00A59BB0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, dl 0_2_00A4ABBA
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edi, byte ptr [esp+ecx+04h] 0_2_00A68CA0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp] 0_2_00A38CF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-102B7BDCh] 0_2_00A4ECC0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov dword ptr [esp], ecx 0_2_00A3DC10
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp byte ptr [esi+ecx], 00000000h 0_2_00A4DC60
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then add ecx, edi 0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov byte ptr [edi], al 0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6EDF0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esp+ecx+39F3FFEEh] 0_2_00A3EE2D
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx esi, byte ptr [esp+eax-06409A34h] 0_2_00A46E62
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then mov eax, dword ptr [esp+18h] 0_2_00A67FD0
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1CE638E1h 0_2_00A6FF70
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then movzx edx, byte ptr [esi+edi] 0_2_00A31F40
Source: C:\Users\user\Desktop\file.exe Code function: 4x nop then inc ebx 0_2_00A6EF50

Networking
barindex
Suricata IDS alerts for network traffic
Source: Network traffic Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.4:49730 -> 104.21.7.169:443
Source: Network traffic Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.4:49730 -> 104.21.7.169:443
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 104.21.7.169 104.21.7.169
JA3 SSL client fingerprint seen in connection with other malware
Source: Joe Sandbox View JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Suricata IDS alerts with low severity for network traffic
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49731 -> 104.21.7.169:443
Source: Network traffic Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:49730 -> 104.21.7.169:443
Uses a known web browser user agent for HTTP communication
Source: global traffic HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic DNS traffic detected: DNS query: occupy-blushi.sbs
Source: unknown HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs
Source: file.exe, 00000000.00000003.1728504464.00000000015C1000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000003.1728504464.00000000015C9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C9000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/5
Source: file.exe, 00000000.00000003.1728504464.00000000015C1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1730970416.000000000150E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1728307723.00000000015D3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1730970416.0000000001578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1731229197.00000000015C3000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000002.1730970416.000000000150E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs/apiU=
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://occupy-blushi.sbs:443/apiO
Source: file.exe, 00000000.00000002.1730970416.000000000156B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs/api
Source: file.exe, 00000000.00000002.1730970416.0000000001552000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://property-imper.sbs:443/apif
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown HTTPS traffic detected: 104.21.7.169:443 -> 192.168.2.4:49730 version: TLS 1.2

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3C110 0_2_00A3C110
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3E2DB 0_2_00A3E2DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A68440 0_2_00A68440
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3B95B 0_2_00A3B95B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A39FC0 0_2_00A39FC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABD0AA 0_2_00ABD0AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A330A0 0_2_00A330A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A680A0 0_2_00A680A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE8089 0_2_00AE8089
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF8090 0_2_00AF8090
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE30EF 0_2_00AE30EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD20E8 0_2_00AD20E8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC50E5 0_2_00AC50E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0A0E3 0_2_00B0A0E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A580FF 0_2_00A580FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF50F5 0_2_00AF50F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE20F5 0_2_00AE20F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB80DA 0_2_00AB80DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6F0D0 0_2_00A6F0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF7028 0_2_00AF7028
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9C006 0_2_00A9C006
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADE013 0_2_00ADE013
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99016 0_2_00A99016
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B01079 0_2_00B01079
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABF061 0_2_00ABF061
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADB060 0_2_00ADB060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAF071 0_2_00AAF071
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC104A 0_2_00AC104A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B11058 0_2_00B11058
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB61AE 0_2_00AB61AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC01A5 0_2_00AC01A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0E1AA 0_2_00B0E1AA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F 0_2_00BFD19F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C021E0 0_2_00C021E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE0198 0_2_00AE0198
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5719F 0_2_00A5719F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF21E2 0_2_00AF21E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B051E3 0_2_00B051E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3F1F6 0_2_00A3F1F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6F1F0 0_2_00A6F1F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAA1CA 0_2_00AAA1CA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA7129 0_2_00AA7129
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC3128 0_2_00AC3128
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A98125 0_2_00A98125
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFE138 0_2_00AFE138
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE9136 0_2_00AE9136
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B10113 0_2_00B10113
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A95101 0_2_00A95101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B06101 0_2_00B06101
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A49113 0_2_00A49113
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A45F12 0_2_00A45F12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC9163 0_2_00AC9163
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD517F 0_2_00AD517F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A55140 0_2_00A55140
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD114B 0_2_00AD114B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB4140 0_2_00AB4140
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0015B 0_2_00B0015B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A57149 0_2_00A57149
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB9145 0_2_00AB9145
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB115B 0_2_00AB115B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF115F 0_2_00AF115F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A67154 0_2_00A67154
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9E15D 0_2_00A9E15D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0C14B 0_2_00B0C14B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B032BF 0_2_00B032BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB92B9 0_2_00AB92B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADC2B9 0_2_00ADC2B9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE72BA 0_2_00AE72BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4D280 0_2_00A4D280
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFD287 0_2_00AFD287
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABA280 0_2_00ABA280
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAD2EC 0_2_00AAD2EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA52E2 0_2_00AA52E2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE52CC 0_2_00AE52CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B112C3 0_2_00B112C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6F2D0 0_2_00A6F2D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABB2DC 0_2_00ABB2DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD62DA 0_2_00AD62DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF2D5 0_2_00AFF2D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0223A 0_2_00B0223A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A34F60 0_2_00A34F60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB0204 0_2_00AB0204
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA121C 0_2_00AA121C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA0269 0_2_00AA0269
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F26D 0_2_00A9F26D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE426A 0_2_00AE426A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF927A 0_2_00AF927A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFB275 0_2_00AFB275
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0826B 0_2_00B0826B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9B275 0_2_00A9B275
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACE24E 0_2_00ACE24E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEE259 0_2_00AEE259
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF0250 0_2_00AF0250
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF4388 0_2_00AF4388
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB384 0_2_00ACB384
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A69397 0_2_00A69397
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5D398 0_2_00A5D398
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB53EC 0_2_00AB53EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAE3CB 0_2_00AAE3CB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0B3D6 0_2_00B0B3D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0C3AD 0_2_00C0C3AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABA3C5 0_2_00ABA3C5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAC334 0_2_00AAC334
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD5305 0_2_00AD5305
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD431A 0_2_00AD431A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B16308 0_2_00B16308
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC6317 0_2_00AC6317
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A56369 0_2_00A56369
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE937E 0_2_00AE937E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B14361 0_2_00B14361
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFA35A 0_2_00AFA35A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD0354 0_2_00AD0354
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0C4B0 0_2_00B0C4B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF04A6 0_2_00AF04A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD24A1 0_2_00AD24A1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF64BD 0_2_00AF64BD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD44B3 0_2_00AD44B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEA48E 0_2_00AEA48E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE8486 0_2_00AE8486
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A96480 0_2_00A96480
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0B49F 0_2_00B0B49F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACF4E0 0_2_00ACF4E0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AED4FB 0_2_00AED4FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A984CF 0_2_00A984CF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE04C3 0_2_00AE04C3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A42422 0_2_00A42422
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4742C 0_2_00A4742C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC5427 0_2_00AC5427
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA743C 0_2_00AA743C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC8430 0_2_00AC8430
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9E419 0_2_00A9E419
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A36410 0_2_00A36410
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABF417 0_2_00ABF417
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEF463 0_2_00AEF463
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BC9454 0_2_00BC9454
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5B455 0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB85AE 0_2_00AB85AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A945A5 0_2_00A945A5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC55BF 0_2_00AC55BF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A495B0 0_2_00A495B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF15B8 0_2_00AF15B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA8589 0_2_00AA8589
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE2589 0_2_00AE2589
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF8590 0_2_00BF8590
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C055FF 0_2_00C055FF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB65EA 0_2_00AB65EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B005F7 0_2_00B005F7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF75F8 0_2_00AF75F8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC25F2 0_2_00AC25F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA95C7 0_2_00AA95C7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF55DB 0_2_00AF55DB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B08532 0_2_00B08532
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAF518 0_2_00AAF518
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC0514 0_2_00AC0514
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC3514 0_2_00AC3514
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99516 0_2_00A99516
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF956A 0_2_00AF956A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70560 0_2_00A70560
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABF577 0_2_00ABF577
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1056C 0_2_00B1056C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0E550 0_2_00B0E550
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A53540 0_2_00A53540
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE355F 0_2_00AE355F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD1553 0_2_00AD1553
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB26A9 0_2_00AB26A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B146BA 0_2_00B146BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B606A6 0_2_00B606A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADC6BA 0_2_00ADC6BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB16B3 0_2_00AB16B3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A666BA 0_2_00A666BA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0D690 0_2_00B0D690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3C680 0_2_00A3C680
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB968F 0_2_00AB968F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA4681 0_2_00AA4681
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6F690 0_2_00A6F690
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD46EF 0_2_00AD46EF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAE6FA 0_2_00AAE6FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD66C4 0_2_00AD66C4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9D6DE 0_2_00A9D6DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADA6D4 0_2_00ADA6D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABE6D7 0_2_00ABE6D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC96D0 0_2_00AC96D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABB623 0_2_00ABB623
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEE625 0_2_00AEE625
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B02601 0_2_00B02601
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA6616 0_2_00AA6616
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA0617 0_2_00AA0617
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1560F 0_2_00B1560F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFC661 0_2_00AFC661
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA267D 0_2_00AA267D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD2674 0_2_00AD2674
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1666E 0_2_00B1666E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA164C 0_2_00AA164C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF3651 0_2_00AF3651
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9B7AD 0_2_00A9B7AD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAF7A6 0_2_00AAF7A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BB1798 0_2_00BB1798
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACB788 0_2_00ACB788
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC878B 0_2_00AC878B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEC781 0_2_00AEC781
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B067F9 0_2_00B067F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0F7FB 0_2_00B0F7FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A707F0 0_2_00A707F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C00799 0_2_00C00799
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5C7F9 0_2_00A5C7F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE87F0 0_2_00AE87F0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B157D8 0_2_00B157D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADD7DD 0_2_00ADD7DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A537D0 0_2_00A537D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACF7D9 0_2_00ACF7D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A587D9 0_2_00A587D9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9672D 0_2_00A9672D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC772A 0_2_00AC772A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE1729 0_2_00AE1729
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB7735 0_2_00AB7735
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB0711 0_2_00AB0711
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD9713 0_2_00AD9713
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A67760 0_2_00A67760
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFE768 0_2_00AFE768
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A45768 0_2_00A45768
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE974E 0_2_00AE974E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFB756 0_2_00BFB756
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6B8B0 0_2_00A6B8B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B098A6 0_2_00B098A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A46882 0_2_00A46882
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA2896 0_2_00AA2896
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADB8F3 0_2_00ADB8F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3A8C0 0_2_00A3A8C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5B8DE 0_2_00A5B8DE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFF8D2 0_2_00AFF8D2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0C8CE 0_2_00B0C8CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACA83E 0_2_00ACA83E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B07811 0_2_00B07811
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAD81E 0_2_00AAD81E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC1813 0_2_00AC1813
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF687C 0_2_00BF687C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF4868 0_2_00AF4868
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5B455 0_2_00A5B455
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5587F 0_2_00A5587F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A97840 0_2_00A97840
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5B859 0_2_00A5B859
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B1184D 0_2_00B1184D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE29A6 0_2_00AE29A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFC9B8 0_2_00AFC9B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A469B8 0_2_00A469B8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5398C 0_2_00A5398C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABD982 0_2_00ABD982
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFD997 0_2_00AFD997
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4B998 0_2_00A4B998
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE39EE 0_2_00AE39EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B089E5 0_2_00B089E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEB9F9 0_2_00AEB9F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A679C0 0_2_00A679C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADE9C1 0_2_00ADE9C1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAA9D8 0_2_00AAA9D8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD99D7 0_2_00AD99D7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB8922 0_2_00AB8922
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE9920 0_2_00AE9920
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B12922 0_2_00B12922
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFA935 0_2_00AFA935
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA890D 0_2_00AA890D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF8901 0_2_00AF8901
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A56962 0_2_00A56962
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C0A910 0_2_00C0A910
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A42940 0_2_00A42940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADC945 0_2_00ADC945
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAC940 0_2_00AAC940
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB3952 0_2_00AB3952
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9F950 0_2_00A9F950
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A33AA0 0_2_00A33AA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE0ABA 0_2_00AE0ABA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC8AB4 0_2_00AC8AB4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A55ABE 0_2_00A55ABE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A57A83 0_2_00A57A83
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEEA95 0_2_00AEEA95
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A51AF0 0_2_00A51AF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFBAFA 0_2_00AFBAFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70AC0 0_2_00A70AC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A96AD3 0_2_00A96AD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC4A2E 0_2_00AC4A2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B02A2D 0_2_00B02A2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD8A05 0_2_00AD8A05
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4DA10 0_2_00A4DA10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD3A61 0_2_00AD3A61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A35A73 0_2_00A35A73
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC0A7F 0_2_00AC0A7F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE5A74 0_2_00AE5A74
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA3A76 0_2_00AA3A76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9CA4E 0_2_00A9CA4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AABA4D 0_2_00AABA4D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACFBA9 0_2_00ACFBA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADABBD 0_2_00ADABBD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B11BA6 0_2_00B11BA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A41BB8 0_2_00A41BB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC3B81 0_2_00AC3B81
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C03BF6 0_2_00C03BF6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B04B8F 0_2_00B04B8F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE5BFF 0_2_00AE5BFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE7BFD 0_2_00AE7BFD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B16BD3 0_2_00B16BD3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A94BD9 0_2_00A94BD9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF2B2D 0_2_00AF2B2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0DB35 0_2_00B0DB35
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AADB27 0_2_00AADB27
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA4B01 0_2_00AA4B01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAEB19 0_2_00AAEB19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE6B1A 0_2_00AE6B1A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC7B1B 0_2_00AC7B1B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B10B08 0_2_00B10B08
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD2B61 0_2_00AD2B61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD0B62 0_2_00AD0B62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA0B7D 0_2_00AA0B7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADCB4A 0_2_00ADCB4A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFEB48 0_2_00AFEB48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A68CA0 0_2_00A68CA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADDCB8 0_2_00ADDCB8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5CCBF 0_2_00A5CCBF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A35C82 0_2_00A35C82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFEC9C 0_2_00BFEC9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACBC86 0_2_00ACBC86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9EC96 0_2_00A9EC96
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACCCE8 0_2_00ACCCE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A38CF0 0_2_00A38CF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A55CF0 0_2_00A55CF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE4CF8 0_2_00AE4CF8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AACCC5 0_2_00AACCC5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B11CC4 0_2_00B11CC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFFCD5 0_2_00AFFCD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB3C2E 0_2_00AB3C2E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF5C25 0_2_00AF5C25
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A60C30 0_2_00A60C30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF3C15 0_2_00AF3C15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABEC15 0_2_00ABEC15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA3C69 0_2_00AA3C69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4DC60 0_2_00A4DC60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AAFC61 0_2_00AAFC61
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD6C71 0_2_00BD6C71
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABAC65 0_2_00ABAC65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AECC7D 0_2_00AECC7D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A59C50 0_2_00A59C50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5BC5F 0_2_00A5BC5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD1C53 0_2_00AD1C53
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A99DAF 0_2_00A99DAF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACADBE 0_2_00ACADBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADBDB1 0_2_00ADBDB1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFAD93 0_2_00AFAD93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6EDF0 0_2_00A6EDF0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B09D38 0_2_00B09D38
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A56D2A 0_2_00A56D2A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A5FD36 0_2_00A5FD36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE9D0E 0_2_00AE9D0E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFCD0F 0_2_00AFCD0F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A32D00 0_2_00A32D00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BD4D17 0_2_00BD4D17
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A57D0A 0_2_00A57D0A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA9D68 0_2_00AA9D68
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE6D6D 0_2_00AE6D6D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC2D64 0_2_00AC2D64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADFD65 0_2_00ADFD65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABBD60 0_2_00ABBD60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF0D64 0_2_00AF0D64
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA6D4E 0_2_00AA6D4E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3AD50 0_2_00A3AD50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB1D5D 0_2_00AB1D5D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0EEB2 0_2_00B0EEB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEDEBC 0_2_00AEDEBC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD2EBE 0_2_00AD2EBE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEEEBA 0_2_00AEEEBA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFEEB2 0_2_00AFEEB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A95EB6 0_2_00A95EB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B01E97 0_2_00B01E97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF8E9C 0_2_00AF8E9C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC6E93 0_2_00AC6E93
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9CEF9 0_2_00A9CEF9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ADAEFF 0_2_00ADAEFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF2EF1 0_2_00AF2EF1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4BEC0 0_2_00A4BEC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4EEC0 0_2_00A4EEC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE8ECB 0_2_00AE8ECB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6AEC0 0_2_00A6AEC0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A96EDE 0_2_00A96EDE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A52E20 0_2_00A52E20
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0CE28 0_2_00B0CE28
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9EE00 0_2_00A9EE00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0DE19 0_2_00B0DE19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB2E01 0_2_00AB2E01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AFBE04 0_2_00AFBE04
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BF4E12 0_2_00BF4E12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC8E17 0_2_00AC8E17
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A46E62 0_2_00A46E62
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB9E6C 0_2_00AB9E6C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B12E76 0_2_00B12E76
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9AE79 0_2_00A9AE79
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA9E48 0_2_00AA9E48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A60E40 0_2_00A60E40
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B0BE45 0_2_00B0BE45
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD5FA0 0_2_00AD5FA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD6FA0 0_2_00AD6FA0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA9F82 0_2_00AA9F82
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AE5F9B 0_2_00AE5F9B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B15F88 0_2_00B15F88
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A58FE0 0_2_00A58FE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6BFE0 0_2_00A6BFE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B14FF7 0_2_00B14FF7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B06FFA 0_2_00B06FFA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD7FF4 0_2_00AD7FF4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABBFCB 0_2_00ABBFCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AC7FCA 0_2_00AC7FCA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF9FC8 0_2_00AF9FC8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB2FD6 0_2_00AB2FD6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF3F2C 0_2_00AF3F2C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AA1F3E 0_2_00AA1F3E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B02F2B 0_2_00B02F2B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AABF36 0_2_00AABF36
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AF1F33 0_2_00AF1F33
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ACDF09 0_2_00ACDF09
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A62F00 0_2_00A62F00
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00ABCF07 0_2_00ABCF07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A45F12 0_2_00A45F12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A34F60 0_2_00A34F60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AD1F6E 0_2_00AD1F6E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AEBF69 0_2_00AEBF69
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AB4F60 0_2_00AB4F60
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A50F70 0_2_00A50F70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00AADF4B 0_2_00AADF4B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A48F57 0_2_00A48F57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A4CF50 0_2_00A4CF50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6EF50 0_2_00A6EF50
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00B16F48 0_2_00B16F48
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A44D10 appears 75 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00A397C0 appears 48 times
Uses 32bit PE files
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: file.exe Static PE information: Section: ZLIB complexity 0.9982408940397351
Source: file.exe Static PE information: Section: zvfjtapm ZLIB complexity 0.9943644024562185
Source: classification engine Classification label: mal100.evad.winEXE@1/0@3/1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A610F0 CoCreateInstance, 0_2_00A610F0
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: webio.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winnsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: schannel.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mskeyprotect.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ncryptsslp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: dpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wbemcomn.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: amsi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ondemandconnroutehelper.dll Jump to behavior
Source: file.exe Static file information: File size 1895424 > 1048576
Source: file.exe Static PE information: Raw size of zvfjtapm is bigger than: 0x100000 < 0x1a5200

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.a30000.0.unpack :EW;.rsrc:W;.idata :W; :EW;zvfjtapm:EW;oivbhgwd:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;zvfjtapm:EW;oivbhgwd:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1daa87 should be: 0x1d736d
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: zvfjtapm
Source: file.exe Static PE information: section name: oivbhgwd
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2A0C0 push ebp; mov dword ptr [esp], ebx 0_2_00C2A112
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C2A0C0 push ebp; mov dword ptr [esp], ebx 0_2_00C2A185
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD70C5 push edx; mov dword ptr [esp], 30F53672h 0_2_00CD701A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00CD70C5 push 4A7419F3h; mov dword ptr [esp], ebp 0_2_00CD7081
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0A5 push ebx; mov dword ptr [esp], 505D7C1Bh 0_2_00A8D0AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A900A7 push ecx; mov dword ptr [esp], edi 0_2_00A900A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8C080 push edx; mov dword ptr [esp], ecx 0_2_00A8C089
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0E9 push 509DF461h; mov dword ptr [esp], ebp 0_2_00A8D0EE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0E9 push 2AE07CBEh; mov dword ptr [esp], edx 0_2_00A8E45F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0C0 push 3A4638BFh; mov dword ptr [esp], eax 0_2_00A8D09D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0C0 push 29928561h; mov dword ptr [esp], esi 0_2_00A8E422
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D0C0 push 2AE07CBEh; mov dword ptr [esp], edx 0_2_00A8E45F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8D02E push ecx; mov dword ptr [esp], 7F0458C0h 0_2_00A8E007
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2062 push edx; mov dword ptr [esp], 7FF1868Ah 0_2_00EE20FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2062 push edi; mov dword ptr [esp], 75BFC2A8h 0_2_00EE2131
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2062 push edi; mov dword ptr [esp], 7E3F6705h 0_2_00EE2163
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00EE2062 push eax; mov dword ptr [esp], ebp 0_2_00EE2191
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8E026 push 0CF2C7C7h; mov dword ptr [esp], ebx 0_2_00A8E1A6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A9103E push eax; mov dword ptr [esp], esp 0_2_00A91040
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A92074 push edx; mov dword ptr [esp], 3669115Fh 0_2_00A920A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00C8E03C push 25C87594h; mov dword ptr [esp], ebx 0_2_00C8E044
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8F051 push edx; mov dword ptr [esp], 00000004h 0_2_00A8FD1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A911AF push 27FF8DD8h; mov dword ptr [esp], edi 0_2_00A911B4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8F1A2 push ecx; mov dword ptr [esp], edi 0_2_00A8F1D6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 26541471h; mov dword ptr [esp], ecx 0_2_00BFD1C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 409FDE5Ah; mov dword ptr [esp], edx 0_2_00BFD1CE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 6DE023A1h; mov dword ptr [esp], ecx 0_2_00BFD1EC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 0B613C60h; mov dword ptr [esp], esp 0_2_00BFD217
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 66C2C65Fh; mov dword ptr [esp], esp 0_2_00BFD2E5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 49E9DF66h; mov dword ptr [esp], esi 0_2_00BFD387
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00BFD19F push 50BE00D1h; mov dword ptr [esp], edx 0_2_00BFD3A9
Source: file.exe Static PE information: section name: entropy: 7.974913791834615
Source: file.exe Static PE information: section name: zvfjtapm entropy: 7.954257082250238

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C10680 second address: C10693 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC6159Ch 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C107C2 second address: C107CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C10A60 second address: C10A66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C133AB second address: C133B5 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83CBF999Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C133B5 second address: C133EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 jmp 00007FC83CC615A0h 0x0000000d pushad 0x0000000e jp 00007FC83CC61596h 0x00000014 jmp 00007FC83CC6159Bh 0x00000019 popad 0x0000001a popad 0x0000001b mov eax, dword ptr [esp+04h] 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 push edi 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C133EA second address: C133F7 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C133F7 second address: C13440 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC615A9h 0x00000009 popad 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d push esi 0x0000000e pushad 0x0000000f jmp 00007FC83CC615A9h 0x00000014 push esi 0x00000015 pop esi 0x00000016 popad 0x00000017 pop esi 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f push ebx 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C13440 second address: C13460 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C13460 second address: C13466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C13759 second address: C13789 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c jmp 00007FC83CBF999Fh 0x00000011 mov eax, dword ptr [eax] 0x00000013 jc 00007FC83CBF999Ah 0x00000019 push esi 0x0000001a push edi 0x0000001b pop edi 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C13789 second address: C13794 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C13794 second address: C1379A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C1379A second address: C1379E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C335CD second address: C335E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007FC83CBF999Eh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3377C second address: C3378E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CC61596h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3378E second address: C33795 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3393A second address: C3393E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C33C03 second address: C33C1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 js 00007FC83CBF9996h 0x0000000d jmp 00007FC83CBF999Ah 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3404C second address: C34070 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jns 00007FC83CC6159Ah 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC83CC6159Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C341BC second address: C341C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C341C2 second address: C341D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A0h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C341D6 second address: C341E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C341E0 second address: C341E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3460D second address: C34613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2B7E9 second address: C2B7FB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 jnc 00007FC83CC61596h 0x0000000b pop edx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2B7FB second address: C2B82B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CBF99A1h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CBF99A4h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2B82B second address: C2B84E instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007FC83CC615A6h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C2B84E second address: C2B86C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007FC83CBF99A4h 0x0000000b popad 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3474F second address: C3477B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a popad 0x0000000b jnc 00007FC83CC61596h 0x00000011 pop eax 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 jmp 00007FC83CC615A3h 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34CDA second address: C34CE6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push edi 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34CE6 second address: C34D04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FC83CC61596h 0x0000000a pop edi 0x0000000b pushad 0x0000000c jmp 00007FC83CC615A0h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34D04 second address: C34D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34D0A second address: C34D13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C34D13 second address: C34D17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C350F4 second address: C35110 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 jmp 00007FC83CC615A5h 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C35110 second address: C35118 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C35118 second address: C3511C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3511C second address: C35129 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB28B second address: BFB29F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC6159Bh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BFB29F second address: BFB2BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A7h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DC3E second address: C3DC4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [esp+04h] 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DC4D second address: C3DC70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CBF99A5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DC70 second address: C3DC8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 jmp 00007FC83CC6159Bh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DDE5 second address: C3DDEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DDEF second address: C3DE00 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DE00 second address: C3DE1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 pushad 0x0000000a jne 00007FC83CBF999Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 jns 00007FC83CBF9996h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C3DE1E second address: C3DE43 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b jng 00007FC83CC615B0h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC83CC615A2h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C42414 second address: C4241A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4241A second address: C4242E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 jnl 00007FC83CC61596h 0x0000000b pop esi 0x0000000c ja 00007FC83CC615A2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4242E second address: C42434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C42434 second address: C42449 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FC83CC61598h 0x0000000e push eax 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C42449 second address: C4244E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4244E second address: C42465 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC83CC61596h 0x00000009 jo 00007FC83CC61596h 0x0000000f jne 00007FC83CC61596h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44BB2 second address: C44BB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44BB8 second address: C44BBD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44BBD second address: C44BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC83CBF99A7h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44BE0 second address: C44BE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44CC5 second address: C44CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C450A8 second address: C450B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C450B7 second address: C450E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d pushad 0x0000000e popad 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jno 00007FC83CBF9996h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C450E0 second address: C45107 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 or dword ptr [ebp+122D1B95h], esi 0x0000000e nop 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC83CC615A5h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C45107 second address: C4512E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A1h 0x0000000b popad 0x0000000c push eax 0x0000000d jnl 00007FC83CBF99A8h 0x00000013 push eax 0x00000014 push edx 0x00000015 jo 00007FC83CBF9996h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C45329 second address: C45350 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jp 00007FC83CC61596h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C45350 second address: C45356 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C45356 second address: C4536B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CC615A1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C476EF second address: C476F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C476F5 second address: C47768 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CC615A8h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d sub dword ptr [ebp+122DB4CBh], eax 0x00000013 push 00000000h 0x00000015 mov esi, dword ptr [ebp+122D27B6h] 0x0000001b push 00000000h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007FC83CC61598h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000019h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 jmp 00007FC83CC615A3h 0x0000003c mov esi, 0DD089CAh 0x00000041 xchg eax, ebx 0x00000042 push eax 0x00000043 push edx 0x00000044 jnp 00007FC83CC6159Ch 0x0000004a push eax 0x0000004b push edx 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C47768 second address: C4776C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4776C second address: C47781 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 ja 00007FC83CC61596h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C47781 second address: C4778B instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4778B second address: C47790 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C47FFC second address: C4800A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C48A90 second address: C48A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4800A second address: C48027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CBF99A9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4A289 second address: C4A293 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FC83CC61596h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4A293 second address: C4A297 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4A297 second address: C4A2DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jnl 00007FC83CC615AEh 0x0000000f nop 0x00000010 xor esi, 73801F4Fh 0x00000016 push 00000000h 0x00000018 mov esi, dword ptr [ebp+122D2662h] 0x0000001e push 00000000h 0x00000020 mov edi, dword ptr [ebp+124588B2h] 0x00000026 xchg eax, ebx 0x00000027 pushad 0x00000028 push eax 0x00000029 push edx 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4A2DB second address: C4A2DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4A2DF second address: C4A307 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC615A1h 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jp 00007FC83CC61596h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4AD71 second address: C4AD75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4DD56 second address: C4DD6F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007FC83CC61596h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f je 00007FC83CC615A0h 0x00000015 push eax 0x00000016 push edx 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4B58A second address: C4B58F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4B58F second address: C4B595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4FFE0 second address: C4FFE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C50FDF second address: C5102C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d mov edi, dword ptr [ebp+122D291Eh] 0x00000013 push 00000000h 0x00000015 mov bh, dh 0x00000017 push 00000000h 0x00000019 call 00007FC83CC615A8h 0x0000001e push ebx 0x0000001f mov edi, dword ptr [ebp+122D35BDh] 0x00000025 pop edi 0x00000026 pop edi 0x00000027 xchg eax, esi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push edx 0x0000002c pop edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5102C second address: C51036 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C524B9 second address: C524BF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C53397 second address: C5339C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C542C2 second address: C542C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C553ED second address: C553F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C553F3 second address: C553F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C553F8 second address: C553FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C553FE second address: C55402 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C55402 second address: C5542A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007FC83CBF999Bh 0x0000000e nop 0x0000000f cmc 0x00000010 push 00000000h 0x00000012 mov ebx, dword ptr [ebp+122D2214h] 0x00000018 push 00000000h 0x0000001a stc 0x0000001b push eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5542A second address: C55430 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF9831 second address: BF9835 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF9835 second address: BF9849 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jno 00007FC83CC6159Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58AC0 second address: C58ACA instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58ACA second address: C58AD5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jc 00007FC83CC61596h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C58AD5 second address: C58ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C59122 second address: C59129 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5A0D7 second address: C5A0DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5A0DB second address: C5A0E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5A0E1 second address: C5A0FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF99A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5D3E9 second address: C5D413 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jmp 00007FC83CC615A2h 0x0000000f jmp 00007FC83CC6159Dh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5D413 second address: C5D418 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5C575 second address: C5C57A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5F415 second address: C5F419 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5F419 second address: C5F41F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C5E6F1 second address: C5E6F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6492B second address: C6492F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6B88B second address: C6B896 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC83CBF9996h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6B896 second address: C6B8B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CC615A8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C6BB48 second address: C6BB52 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CBF999Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C71C3E second address: C71C43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C71C43 second address: C71C49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C77590 second address: C775BB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pushad 0x00000004 popad 0x00000005 pop edi 0x00000006 jmp 00007FC83CC615A2h 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC83CC6159Fh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C002D0 second address: C002D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C002D4 second address: C00306 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC6159Eh 0x0000000b ja 00007FC83CC6159Ch 0x00000011 popad 0x00000012 jo 00007FC83CC615A6h 0x00000018 push ecx 0x00000019 jp 00007FC83CC61596h 0x0000001f pop ecx 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C76822 second address: C76836 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C76836 second address: C7683B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7683B second address: C76868 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b ja 00007FC83CBF999Ah 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 pushad 0x00000016 jns 00007FC83CBF9996h 0x0000001c jmp 00007FC83CBF999Dh 0x00000021 pushad 0x00000022 popad 0x00000023 push eax 0x00000024 push edx 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C76868 second address: C76875 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 ja 00007FC83CC615A8h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C769B5 second address: C769DB instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jmp 00007FC83CBF99A6h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C76CDD second address: C76CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC83CC61596h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C77149 second address: C7714D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C77407 second address: C77422 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC83CC6159Ah 0x0000000c pushad 0x0000000d popad 0x0000000e jg 00007FC83CC61596h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7A878 second address: C7A89A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF999Bh 0x0000000b jmp 00007FC83CBF999Ah 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7A89A second address: C7A8BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FC83CC615A9h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C7A8BF second address: C7A8CB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FC83CBF9996h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF488F second address: BF4893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF4893 second address: BF4899 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF4899 second address: BF48CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC615A3h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 jnl 00007FC83CC615A1h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: BF48CB second address: BF4910 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A1h 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push ebx 0x00000018 pop ebx 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007FC83CBF99A7h 0x00000021 js 00007FC83CBF9996h 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C822E8 second address: C822F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CC61596h 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C42FD7 second address: C42FE2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FC83CBF9996h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C42FE2 second address: C4300E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 mov ecx, dword ptr [ebp+122D27A2h] 0x0000000e lea eax, dword ptr [ebp+12489D3Ch] 0x00000014 mov cx, bx 0x00000017 nop 0x00000018 push eax 0x00000019 push edx 0x0000001a jp 00007FC83CC615A2h 0x00000020 jmp 00007FC83CC6159Ch 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4300E second address: C2B7E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jp 00007FC83CBF9996h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007FC83CBF999Ch 0x00000014 nop 0x00000015 mov di, D5C7h 0x00000019 call dword ptr [ebp+122D2302h] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC83CBF99A6h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43450 second address: C43455 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43551 second address: C43556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43624 second address: C4362E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4376A second address: C4376E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4376E second address: C43799 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a add di, E892h 0x0000000f nop 0x00000010 jmp 00007FC83CC615A6h 0x00000015 push eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43D94 second address: C43DAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF99A3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43DAC second address: C43E25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FC83CC6159Eh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 0000001Eh 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007FC83CC61598h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a call 00007FC83CC615A9h 0x0000002f pushad 0x00000030 jng 00007FC83CC61596h 0x00000036 mov ebx, dword ptr [ebp+122D2479h] 0x0000003c popad 0x0000003d pop edx 0x0000003e nop 0x0000003f jo 00007FC83CC615ABh 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FC83CC6159Dh 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C440F8 second address: C44142 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A4h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f jp 00007FC83CBF9996h 0x00000015 pop esi 0x00000016 pop edx 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b jg 00007FC83CBF99A4h 0x00000021 mov eax, dword ptr [eax] 0x00000023 push eax 0x00000024 push edx 0x00000025 jng 00007FC83CBF999Ch 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44142 second address: C44146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C4424E second address: C44254 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C44254 second address: C4426F instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jbe 00007FC83CC6159Ch 0x00000015 js 00007FC83CC61596h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C893F0 second address: C893F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C893F6 second address: C893FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C893FA second address: C89403 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C89403 second address: C89409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C89409 second address: C89411 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8966B second address: C89684 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007FC83CC615A3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C89684 second address: C89688 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C897A8 second address: C897AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C06CA8 second address: C06CBE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CBF99A0h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8E124 second address: C8E128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8E128 second address: C8E130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8E130 second address: C8E135 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8F0CF second address: C8F0FF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007FC83CBF99A7h 0x0000000a popad 0x0000000b jnc 00007FC83CBF9998h 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jo 00007FC83CBF99A6h 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8F547 second address: C8F54D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8F54D second address: C8F559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8F559 second address: C8F58D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007FC83CC6159Ch 0x00000010 jnc 00007FC83CC61596h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007FC83CC6159Eh 0x0000001e jmp 00007FC83CC6159Dh 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8F58D second address: C8F5B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF999Eh 0x00000008 jmp 00007FC83CBF999Bh 0x0000000d jno 00007FC83CBF9996h 0x00000013 popad 0x00000014 jo 00007FC83CBF99A7h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C8DE7D second address: C8DE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C93B9E second address: C93BA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C93BA5 second address: C93BAA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9643D second address: C96443 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C96443 second address: C96450 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jo 00007FC83CC61596h 0x00000009 push edi 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C95FCA second address: C95FDA instructions: 0x00000000 rdtsc 0x00000002 jc 00007FC83CBF99A2h 0x00000008 jbe 00007FC83CBF9996h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C96152 second address: C96156 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C89A second address: C9C8BE instructions: 0x00000000 rdtsc 0x00000002 jno 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b js 00007FC83CBF9996h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC83CBF99A0h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C8BE second address: C9C8DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC83CC615A8h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C8DF second address: C9C8E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C8E5 second address: C9C8F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jns 00007FC83CC61596h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B590 second address: C9B594 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B594 second address: C9B5B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007FC83CC6159Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B860 second address: C9B87A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jne 00007FC83CBF9996h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007FC83CBF99A2h 0x00000012 jo 00007FC83CBF9996h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B9A7 second address: C9B9AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B9AD second address: C9B9CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jno 00007FC83CBF9996h 0x0000000d jmp 00007FC83CBF99A2h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9B9CE second address: C9B9D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C43CF1 second address: C43CFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C608 second address: C9C615 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9C615 second address: C9C635 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FC83CBF999Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F84E second address: C9F86E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FC83CC615A1h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F86E second address: C9F874 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9EF96 second address: C9EF9A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F109 second address: C9F115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F115 second address: C9F119 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F571 second address: C9F577 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C9F577 second address: C9F57C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA36F3 second address: CA3701 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jno 00007FC83CBF9996h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA3701 second address: CA370F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC83CC61596h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2978 second address: CA297C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA297C second address: CA298B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007FC83CC61596h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA298B second address: CA2991 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2991 second address: CA29A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FC83CC61596h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA29A2 second address: CA29A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2DCF second address: CA2DD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2DD9 second address: CA2E00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FC83CBF99A9h 0x0000000a push edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop edi 0x0000000e popad 0x0000000f push edi 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA2E00 second address: CA2E25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007FC83CC6159Fh 0x0000000d jne 00007FC83CC61596h 0x00000013 jl 00007FC83CC61596h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA30C4 second address: CA30C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA30C8 second address: CA30D1 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA30D1 second address: CA30E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Bh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA32A6 second address: CA32AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA32AA second address: CA32B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA32B0 second address: CA32B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAB547 second address: CAB54F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA97B3 second address: CA97B9 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA97B9 second address: CA97EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FC83CBF99A1h 0x0000000c jmp 00007FC83CBF99A9h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA999B second address: CA99A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA9C28 second address: CA9C32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA9C32 second address: CA9C3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CA9C3B second address: CA9C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAAAB6 second address: CAAAEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CC6159Fh 0x00000008 jc 00007FC83CC61596h 0x0000000e push eax 0x0000000f pop eax 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007FC83CC615A5h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAAD6C second address: CAAD7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FC83CBF9996h 0x0000000a pop esi 0x0000000b pop ecx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CAAD7D second address: CAAD9C instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC83CC61596h 0x00000008 jmp 00007FC83CC6159Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 js 00007FC83CC61596h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB61CD second address: CB61D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB557F second address: CB5597 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC83CC615A1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5597 second address: CB559B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB559B second address: CB55A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB55A1 second address: CB55A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB55A7 second address: CB55BA instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CC6159Eh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB589F second address: CB58AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CBF999Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB58AF second address: CB58B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB58B3 second address: CB58D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB58D4 second address: CB58E4 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB58E4 second address: CB58E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB58E8 second address: CB58FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC6159Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5BC4 second address: CB5BC9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5BC9 second address: CB5BF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FC83CC615B6h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC83CC615A4h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5D75 second address: CB5D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jl 00007FC83CBF99A2h 0x0000000b jno 00007FC83CBF9996h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5D88 second address: CB5D8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CB5D8F second address: CB5DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Dh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBDE22 second address: CBDE55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CC615A1h 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FC83CC615A6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBDE55 second address: CBDE59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBF41 second address: CBBF48 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC3CE second address: CBC3EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Eh 0x00000009 pushad 0x0000000a je 00007FC83CBF999Ah 0x00000010 pushad 0x00000011 popad 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC3EF second address: CBC3F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC52E second address: CBC539 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC539 second address: CBC55D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A9h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC6C3 second address: CBC6CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop esi 0x00000006 pushad 0x00000007 push esi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC6CD second address: CBC6FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jmp 00007FC83CC6159Dh 0x0000000d jmp 00007FC83CC615A6h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBC82F second address: CBC833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBCC9F second address: CBCCAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007FC83CC61596h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBCE2D second address: CBCE32 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBCE32 second address: CBCE39 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBCE39 second address: CBCE3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBDC69 second address: CBDC7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FC83CC6159Eh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBDC7D second address: CBDC83 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBDC83 second address: CBDC87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBAA7 second address: CBBAF0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF99A7h 0x00000008 pushad 0x00000009 popad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d jmp 00007FC83CBF99A8h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jbe 00007FC83CBF9996h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBAF0 second address: CBBAF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBAF6 second address: CBBAFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBAFA second address: CBBB00 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CBBB00 second address: CBBB05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC5305 second address: CC530F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FC83CC61596h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC4E62 second address: CC4E73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jo 00007FC83CBF9996h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC4E73 second address: CC4E77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC4E77 second address: CC4E95 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Bh 0x00000007 jnc 00007FC83CBF9996h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CC777F second address: CC77B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FC83CC615A5h 0x0000000b popad 0x0000000c jne 00007FC83CC6159Ch 0x00000012 push eax 0x00000013 pushad 0x00000014 popad 0x00000015 jng 00007FC83CC61596h 0x0000001b pop eax 0x0000001c push eax 0x0000001d push edx 0x0000001e push ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFA7 second address: CDCFAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFAD second address: CDCFB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFB1 second address: CDCFCA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC83CBF999Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007FC83CBF9996h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFCA second address: CDCFD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFD2 second address: CDCFD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFD7 second address: CDCFEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC83CC6159Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CDCFEA second address: CDD008 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jmp 00007FC83CBF99A5h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CED9F0 second address: CED9F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEDB6C second address: CEDB8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A7h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEDE6F second address: CEDE73 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CEE124 second address: CEE13F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF99A7h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF1AE4 second address: CF1B19 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 jmp 00007FC83CC6159Eh 0x00000015 pop edi 0x00000016 jmp 00007FC83CC615A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF1B19 second address: CF1B1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CF17BE second address: CF17C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFCE6C second address: CFCE85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FC83CBF99A3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: CFBA23 second address: CFBA27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0C6E3 second address: D0C6EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0C6EF second address: D0C708 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC83CC615A3h 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0DC50 second address: D0DC54 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0DC54 second address: D0DC5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0DC5A second address: D0DC6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC83CBF999Fh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0DC6E second address: D0DC82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC83CC6159Dh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D0DC82 second address: D0DC86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1203A second address: D1203E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D1203E second address: D12050 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007FC83CBF9996h 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D12050 second address: D12054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D121C5 second address: D121CF instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D121CF second address: D12212 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007FC83CC615A0h 0x00000008 jmp 00007FC83CC615A0h 0x0000000d pop eax 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 jmp 00007FC83CC615A8h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D12212 second address: D12217 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28992 second address: D289B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A6h 0x00000007 jp 00007FC83CC6159Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28CCA second address: D28CD7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28CD7 second address: D28CE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28E4D second address: D28E60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FC83CBF999Eh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28E60 second address: D28E66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D28E66 second address: D28E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D294D9 second address: D294DF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D294DF second address: D294E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC83CBF9996h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D294E9 second address: D294ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2AF6E second address: D2AF7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2AF7B second address: D2AF81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2AF81 second address: D2AF85 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2AF85 second address: D2AF93 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2C68E second address: D2C696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2C696 second address: D2C6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CC615A4h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2C6B8 second address: D2C6DB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC83CBF9996h 0x0000000a jmp 00007FC83CBF99A9h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F2A1 second address: D2F2AB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F307 second address: D2F31C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FC83CBF9996h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007FC83CBF9996h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F31C second address: D2F3AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007FC83CC615A3h 0x0000000f pop eax 0x00000010 popad 0x00000011 nop 0x00000012 mov edx, dword ptr [ebp+122D2752h] 0x00000018 mov edx, dword ptr [ebp+122D2612h] 0x0000001e push 00000004h 0x00000020 push 00000000h 0x00000022 push eax 0x00000023 call 00007FC83CC61598h 0x00000028 pop eax 0x00000029 mov dword ptr [esp+04h], eax 0x0000002d add dword ptr [esp+04h], 00000016h 0x00000035 inc eax 0x00000036 push eax 0x00000037 ret 0x00000038 pop eax 0x00000039 ret 0x0000003a call 00007FC83CC61599h 0x0000003f pushad 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 pop edx 0x00000044 jmp 00007FC83CC615A1h 0x00000049 popad 0x0000004a push eax 0x0000004b push eax 0x0000004c push edx 0x0000004d jnl 00007FC83CC615A5h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F3AB second address: D2F3B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F3B2 second address: D2F3ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jp 00007FC83CC6159Ch 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [eax] 0x00000019 push edi 0x0000001a jmp 00007FC83CC6159Eh 0x0000001f pop edi 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007FC83CC6159Ch 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F3ED second address: D2F3F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F649 second address: D2F6A2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ebx 0x0000000b mov dword ptr [esp], eax 0x0000000e mov edx, dword ptr [ebp+122D1A64h] 0x00000014 push dword ptr [ebp+122D2236h] 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007FC83CC61598h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 00000019h 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov edx, dword ptr [ebp+122D230Eh] 0x0000003a call 00007FC83CC61599h 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007FC83CC6159Dh 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F6A2 second address: D2F6CE instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC83CBF9998h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b js 00007FC83CBF99A1h 0x00000011 jmp 00007FC83CBF999Bh 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a jng 00007FC83CBF99AEh 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F6CE second address: D2F6D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D2F6D2 second address: D2F705 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CBF999Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jg 00007FC83CBF99A8h 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D30C5B second address: D30C7E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC83CC615A9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push ebx 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C472FD second address: C47301 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C47301 second address: C47327 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FC83CC61596h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FC83CC615A8h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: C474F2 second address: C474F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A8C7C1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C3C36D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: C6372E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A8C6D0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: CCB8AA instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8F450 rdtsc 0_2_00A8F450
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 3652 Thread sleep time: -60000s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3652 Thread sleep time: -30000s >= -30000s Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Users\user\Desktop\file.exe WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS
Source: file.exe, file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1730970416.0000000001539000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0rX
Source: file.exe, 00000000.00000002.1730970416.0000000001578000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A8F450 rdtsc 0_2_00A8F450
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A6D770 LdrInitializeThunk, 0_2_00A6D770
Source: file.exe, file.exe, 00000000.00000002.1729215120.0000000000C1A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SProgram Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1562846 Sample: file.exe Startdate: 26/11/2024 Architecture: WINDOWS Score: 100 10 property-imper.sbs 2->10 12 occupy-blushi.sbs 2->12 14 frogs-severz.sbs 2->14 18 Multi AV Scanner detection for domain / URL 2->18 20 Suricata IDS alerts for network traffic 2->20 22 Antivirus detection for URL or domain 2->22 24 4 other signatures 2->24 6 file.exe 2->6         started        signatures3 process4 dnsIp5 16 occupy-blushi.sbs 104.21.7.169, 443, 49730, 49731 CLOUDFLARENETUS United States 6->16 26 Detected unpacking (changes PE section rights) 6->26 28 Tries to detect sandboxes and other dynamic analysis tools (window names) 6->28 30 Tries to evade debugger and weak emulator (self modifying code) 6->30 32 4 other signatures 6->32 signatures6
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.21.7.169
 occupy-blushi.sbs United States
13335 CLOUDFLARENETUS false

Contacted Domains

Name IP Active
occupy-blushi.sbs 104.21.7.169 true
property-imper.sbs unknown unknown
frogs-severz.sbs unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://occupy-blushi.sbs/api false
    		high