Windows Analysis Report file.exe

Found inlined nop instructions (likely shell or obfuscated code)

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-63695966h]	0_2_003FC110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, cx	0_2_00428440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov al, 01h	0_2_0042DF42
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	0_2_004180FF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esi+edx]	0_2_0041A190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00416369
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_003F6410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00418498
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_0040649B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00418530
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0040C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_0040C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edx]	0_2_0040E690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edi*8], 484CE391h	0_2_004307F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-000000ADh]	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [esp+0Ch]	0_2_0040C9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ecx	0_2_004069B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 4F699CD4h	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, dl	0_2_0040ABBA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-102B7BDCh]	0_2_0040ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_003F8CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+04h]	0_2_00428CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-06409A34h]	0_2_00406E62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042EF50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+30h]	0_2_0040B0C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+edx+000000E8h]	0_2_003FF1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_0041719F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_0040B3E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_0041D38F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_0041D398
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0041B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [ebx+eax+2D31F2E0h]	0_2_003FB46C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 845FA972h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+04h]	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1B6183F2h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 8869E8E9h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_003FB63A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+esi*8+00h], E6C7F7C6h	0_2_0042B7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_0040B804
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_004258F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00411890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax-4A2D609Fh]	0_2_0041D8BE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax-4A2D609Fh]	0_2_0041D9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+34h]	0_2_004059CA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00411AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00411AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	0_2_0041DAB4
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00419BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, edi	0_2_0041BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0041BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ecx], 00000000h	0_2_0040DC60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], ecx	0_2_003FDC10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1CE638E1h	0_2_0042FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_003F1F40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+18h]	0_2_00427FD0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 172.67.187.240:443

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 172.67.187.240 172.67.187.240

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 172.67.187.240:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

HTTP traffic detected: POST /api HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36Content-Length: 8Host: occupy-blushi.sbs

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic	DNS traffic detected: DNS query: occupy-blushi.sbs

Source: unknown

Source: file.exe, 00000000.00000003.2092494473.0000000000D2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000002.2093914762.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2092494473.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000002.2093914762.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2092494473.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093647788.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000002.2093647788.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api=
Source: file.exe, 00000000.00000003.2092577797.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093855277.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apiws~
Source: file.exe, 00000000.00000002.2093647788.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.2093647788.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/apiyG

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC110	0_2_003FC110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428440	0_2_00428440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FB95B	0_2_003FB95B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F9FC0	0_2_003F9FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050604B	0_2_0050604B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508074	0_2_00508074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC067	0_2_004FC067
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061	0_2_004A0061
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C407D	0_2_004C407D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A011	0_2_0045A011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035	0_2_005C4035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE038	0_2_004CE038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492030	0_2_00492030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004780CC	0_2_004780CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A0D8	0_2_0048A0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005360EA	0_2_005360EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004180FF	0_2_004180FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C081	0_2_0045C081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E09A	0_2_0052E09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A09D	0_2_0049A09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045809C	0_2_0045809C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E20AE	0_2_004E20AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004280A0	0_2_004280A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F00A5	0_2_004F00A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005140A5	0_2_005140A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004760BA	0_2_004760BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052A151	0_2_0052A151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00468141	0_2_00468141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6140	0_2_004A6140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405F12	0_2_00405F12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8179	0_2_004B8179
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046610E	0_2_0046610E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F411D	0_2_004F411D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C11E	0_2_0046C11E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538109	0_2_00538109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456118	0_2_00456118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8120	0_2_004F8120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00532128	0_2_00532128
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047013A	0_2_0047013A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C1CC	0_2_0047C1CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047A1E2	0_2_0047A1E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004961E1	0_2_004961E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004981F8	0_2_004981F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA188	0_2_004AA188
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049418A	0_2_0049418A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC185	0_2_004AC185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520182	0_2_00520182
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8192	0_2_004C8192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC1A8	0_2_004EC1A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C1A2	0_2_0048C1A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005241A6	0_2_005241A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E01B8	0_2_004E01B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534246	0_2_00534246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482260	0_2_00482260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8264	0_2_004D8264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00490275	0_2_00490275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA217	0_2_004FA217
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC233	0_2_004CC233
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005022DA	0_2_005022DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004722DD	0_2_004722DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E2FE	0_2_0050E2FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005182FF	0_2_005182FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC2FE	0_2_004BC2FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B228D	0_2_004B228D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E82BA	0_2_004E82BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046034B	0_2_0046034B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464357	0_2_00464357
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416369	0_2_00416369
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00530378	0_2_00530378
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA372	0_2_004CA372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052431E	0_2_0052431E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A303	0_2_0050A303
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA31C	0_2_004BA31C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6312	0_2_004A6312
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC320	0_2_004AC320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005063D4	0_2_005063D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E3CF	0_2_0046E3CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004863C6	0_2_004863C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E3D0	0_2_0045E3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004883D4	0_2_004883D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C63FD	0_2_004C63FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8383	0_2_004B8383
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C239B	0_2_004C239B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E43AA	0_2_004E43AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE3A2	0_2_004CE3A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051044B	0_2_0051044B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F046E	0_2_004F046E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E473	0_2_0052E473
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6410	0_2_003F6410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049E40F	0_2_0049E40F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2401	0_2_004E2401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4414	0_2_004C4414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402422	0_2_00402422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049243B	0_2_0049243B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2438	0_2_004A2438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005284DA	0_2_005284DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA4C6	0_2_004FA4C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE4C4	0_2_004EE4C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C84DD	0_2_004C84DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F44A0	0_2_003F44A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AE4FD	0_2_005AE4FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B84F4	0_2_004B84F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE49A	0_2_004AE49A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A49E	0_2_0049A49E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050248E	0_2_0050248E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496496	0_2_00496496
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005384BE	0_2_005384BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004624B7	0_2_004624B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494556	0_2_00494556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430560	0_2_00430560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470575	0_2_00470575
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8572	0_2_004A8572
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FE507	0_2_004FE507
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA504	0_2_004EA504
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4534	0_2_004B4534
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C5C7	0_2_0047C5C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F45C1	0_2_004F45C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C5DE	0_2_0048C5DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D05D6	0_2_004D05D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DC5EC	0_2_004DC5EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005325FE	0_2_005325FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F6587	0_2_004F6587
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8581	0_2_004F8581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA5A8	0_2_004AA5A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004685B5	0_2_004685B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC645	0_2_004EC645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538642	0_2_00538642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE66E	0_2_004CE66E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462607	0_2_00462607
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049862C	0_2_0049862C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E62B	0_2_0047E62B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500627	0_2_00500627
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004806EE	0_2_004806EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC680	0_2_003FC680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478680	0_2_00478680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050868F	0_2_0050868F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC6A7	0_2_004CC6A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052C6A3	0_2_0052C6A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004266BA	0_2_004266BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048475A	0_2_0048475A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048675B	0_2_0048675B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2755	0_2_004E2755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E77E	0_2_0046E77E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC717	0_2_004AC717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464722	0_2_00464722
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051673E	0_2_0051673E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051872F	0_2_0051872F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A27DC	0_2_004A27DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A87DD	0_2_004A87DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004187D9	0_2_004187D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D47ED	0_2_004D47ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C7E3	0_2_0051C7E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004307F0	0_2_004307F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C7F9	0_2_0041C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC7F3	0_2_004BC7F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E7EC	0_2_0050E7EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0782	0_2_004C0782
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049E799	0_2_0049E799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534780	0_2_00534780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B279E	0_2_004B279E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA795	0_2_004DA795
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C67AD	0_2_004C67AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A07A5	0_2_004A07A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D27B4	0_2_004D27B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E87B4	0_2_004E87B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00502852	0_2_00502852
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A840	0_2_0045A840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D884B	0_2_004D884B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046284D	0_2_0046284D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472867	0_2_00472867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041B455	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F881B	0_2_004F881B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA83F	0_2_004BA83F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004948DC	0_2_004948DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004668E6	0_2_004668E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004968E7	0_2_004968E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E8EB	0_2_0051E8EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406882	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C89D	0_2_0048C89D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A889	0_2_0051A889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F08AB	0_2_004F08AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA8C0	0_2_003FA8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402940	0_2_00402940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A95D	0_2_0050A95D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D6951	0_2_004D6951
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416962	0_2_00416962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528975	0_2_00528975
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051297C	0_2_0051297C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A97B	0_2_0048A97B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E97E	0_2_0048E97E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8902	0_2_004B8902
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053291C	0_2_0053291C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC918	0_2_004CC918
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6960	0_2_003F6960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492921	0_2_00492921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE927	0_2_004EE927
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2921	0_2_004C2921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8921	0_2_004F8921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC93C	0_2_004FC93C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047693D	0_2_0047693D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050C92B	0_2_0050C92B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A69CC	0_2_005A69CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE9F7	0_2_004AE9F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F498A	0_2_004F498A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C980	0_2_0051C980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8994	0_2_004C8994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B49AA	0_2_004B49AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC9AD	0_2_004AC9AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A9B4	0_2_0045A9B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E29BD	0_2_004E29BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004689B3	0_2_004689B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004069B8	0_2_004069B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6A4D	0_2_004A6A4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524A5B	0_2_00524A5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CA5F	0_2_0045CA5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCA6D	0_2_004DCA6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500A62	0_2_00500A62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0A72	0_2_004D0A72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AA03	0_2_0046AA03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498A01	0_2_00498A01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522A18	0_2_00522A18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2A1B	0_2_004B2A1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474A12	0_2_00474A12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534A25	0_2_00534A25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430AC0	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00518AC6	0_2_00518AC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476AF5	0_2_00476AF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ACA93	0_2_004ACA93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050AA8C	0_2_0050AA8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520A8C	0_2_00520A8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DEABD	0_2_004DEABD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538B63	0_2_00538B63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00516B14	0_2_00516B14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052CB1A	0_2_0052CB1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458B15	0_2_00458B15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045EB25	0_2_0045EB25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486B2D	0_2_00486B2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6B38	0_2_004C6B38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049EB37	0_2_0049EB37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488BDF	0_2_00488BDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4BE5	0_2_004C4BE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2BFB	0_2_004A2BFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BABF0	0_2_004BABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484B9D	0_2_00484B9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0BAD	0_2_004A0BAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504BBE	0_2_00504BBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472C5D	0_2_00472C5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466C58	0_2_00466C58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FAC51	0_2_004FAC51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2C6B	0_2_004F2C6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456C63	0_2_00456C63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508C77	0_2_00508C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052AC7A	0_2_0052AC7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460C7B	0_2_00460C7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052EC39	0_2_0052EC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420C30	0_2_00420C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ECC3D	0_2_004ECC3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524CF4	0_2_00524CF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B4CE6	0_2_005B4CE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050ECED	0_2_0050ECED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044CCFA	0_2_0044CCFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F8CF0	0_2_003F8CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046ECA4	0_2_0046ECA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428CA0	0_2_00428CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538CA5	0_2_00538CA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041CCBF	0_2_0041CCBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2D4B	0_2_004B2D4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0D47	0_2_004C0D47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2D5F	0_2_004E2D5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049AD5E	0_2_0049AD5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E6D6D	0_2_004E6D6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2D00	0_2_003F2D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00480D01	0_2_00480D01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051ED1B	0_2_0051ED1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BED09	0_2_005BED09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8D19	0_2_004D8D19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522D33	0_2_00522D33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416D2A	0_2_00416D2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CD2D	0_2_0046CD2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FAD50	0_2_003FAD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510D22	0_2_00510D22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AD33	0_2_0045AD33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CDC3	0_2_0047CDC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F0DCA	0_2_004F0DCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474DCF	0_2_00474DCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FCDC5	0_2_004FCDC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2DEC	0_2_004F2DEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498DEE	0_2_00498DEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454DED	0_2_00454DED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8DE3	0_2_004C8DE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EDF0	0_2_0042EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496DF3	0_2_00496DF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462DF9	0_2_00462DF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00512DBF	0_2_00512DBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0DB8	0_2_004D0DB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528DA5	0_2_00528DA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420E40	0_2_00420E40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049CE42	0_2_0049CE42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476E5C	0_2_00476E5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492E68	0_2_00492E68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406E62	0_2_00406E62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D4E6F	0_2_004D4E6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508E00	0_2_00508E00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A4E19	0_2_004A4E19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCE17	0_2_004DCE17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6E16	0_2_004A6E16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412E20	0_2_00412E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AE2D	0_2_0046AE2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048CE33	0_2_0048CE33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EEC0	0_2_0040EEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042AEC0	0_2_0042AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2EC9	0_2_004E2EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AECE	0_2_0045AECE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057CED8	0_2_0057CED8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CEEDE	0_2_004CEEDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00516EC9	0_2_00516EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478EDC	0_2_00478EDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048AEE1	0_2_0048AEE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CEEA	0_2_0046CEEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D2E94	0_2_004D2E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F4E93	0_2_004F4E93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520EB4	0_2_00520EB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6EA4	0_2_004B6EA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CF50	0_2_0040CF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EF50	0_2_0042EF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8F5F	0_2_004A8F5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408F57	0_2_00408F57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CF6E	0_2_0047CF6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410F70	0_2_00410F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E4F70	0_2_004E4F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422F00	0_2_00422F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052CF15	0_2_0052CF15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4F60	0_2_003F4F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6F22	0_2_004C6F22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528F2E	0_2_00528F2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500FCC	0_2_00500FCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BCFD5	0_2_004BCFD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418FE0	0_2_00418FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8FEC	0_2_004F8FEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046EFF4	0_2_0046EFF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E0FF2	0_2_004E0FF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504FEC	0_2_00504FEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00506F95	0_2_00506F95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CCF81	0_2_004CCF81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488F9F	0_2_00488F9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6FBC	0_2_004A6FBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8FB6	0_2_004E8FB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F04B	0_2_0048F04B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B504C	0_2_004B504C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00517046	0_2_00517046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF06D	0_2_004FF06D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF062	0_2_004DF062
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C1078	0_2_004C1078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046307D	0_2_0046307D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D078	0_2_0045D078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00457001	0_2_00457001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D5010	0_2_004D5010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F0D0	0_2_0042F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F30A0	0_2_003F30A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047F0F1	0_2_0047F0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C3094	0_2_004C3094
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051508D	0_2_0051508D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00415140	0_2_00415140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481149	0_2_00481149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00503154	0_2_00503154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F155	0_2_0051F155
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00417149	0_2_00417149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00455151	0_2_00455151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B15D	0_2_0049B15D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00427154	0_2_00427154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB152	0_2_004BB152
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051314D	0_2_0051314D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B3154	0_2_004B3154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F3176	0_2_004F3176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F710A	0_2_004F710A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409113	0_2_00409113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F103	0_2_0050F103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB119	0_2_004DB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A3112	0_2_004A3112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053913F	0_2_0053913F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049F138	0_2_0049F138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00527120	0_2_00527120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B113F	0_2_004B113F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A113D	0_2_004A113D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D7134	0_2_004D7134
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B1D6	0_2_0050B1D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004871C4	0_2_004871C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD1D1	0_2_004DD1D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004691E4	0_2_004691E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AF1E8	0_2_004AF1E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005291FE	0_2_005291FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BD1F5	0_2_005BD1F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F1F0	0_2_0042F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004651F2	0_2_004651F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E31F5	0_2_004E31F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FF1F6	0_2_003FF1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041719F	0_2_0041719F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F51AD	0_2_004F51AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D91A5	0_2_004D91A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004971B7	0_2_004971B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4F60	0_2_003F4F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048D240	0_2_0048D240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D1264	0_2_004D1264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E720F	0_2_004E720F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049320C	0_2_0049320C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00467222	0_2_00467222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049922F	0_2_0049922F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C5230	0_2_004C5230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD2CD	0_2_004FD2CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F2D0	0_2_0042F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A52D2	0_2_004A52D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004852E5	0_2_004852E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B2F4	0_2_0047B2F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB2F0	0_2_004EB2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D280	0_2_0040D280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00513294	0_2_00513294
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00433288	0_2_00433288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00509286	0_2_00509286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AB297	0_2_004AB297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052D2B3	0_2_0052D2B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00537365	0_2_00537365
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00461318	0_2_00461318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF33E	0_2_004BF33E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF33A	0_2_004DF33A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052B3D0	0_2_0052B3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004573CC	0_2_004573CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A73C5	0_2_004A73C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C73FB	0_2_004C73FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD3F2	0_2_004FD3F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F938A	0_2_004F938A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E5385	0_2_004E5385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047D38B	0_2_0047D38B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00535387	0_2_00535387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429397	0_2_00429397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041D398	0_2_0041D398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048B3A2	0_2_0048B3A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00515443	0_2_00515443
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041B455	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00463452	0_2_00463452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046545E	0_2_0046545E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052744F	0_2_0052744F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F470	0_2_0048F470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B470	0_2_0049B470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D418	0_2_0045D418
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A9422	0_2_004A9422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040742C	0_2_0040742C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D5435	0_2_004D5435
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD4CB	0_2_004BD4CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF4C7	0_2_004EF4C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049548B	0_2_0049548B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F348D	0_2_004F348D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF489	0_2_004DF489
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050548B	0_2_0050548B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF4BE	0_2_004FF4BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005214A5	0_2_005214A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FB4B3	0_2_004FB4B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00413540	0_2_00413540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045556C	0_2_0045556C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00491571	0_2_00491571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052F56D	0_2_0052F56D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046F501	0_2_0046F501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00475517	0_2_00475517
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C1514	0_2_004C1514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00477520	0_2_00477520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B539	0_2_0050B539
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F527	0_2_0050F527
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF5CE	0_2_004FF5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B5D7	0_2_0047B5D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004715E2	0_2_004715E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C35E0	0_2_004C35E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00511588	0_2_00511588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D59F	0_2_0045D59F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004095B0	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005335A4	0_2_005335A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004875B2	0_2_004875B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004595BA	0_2_004595BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A35B5	0_2_004A35B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD640	0_2_004BD640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051B643	0_2_0051B643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB672	0_2_004BB672
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7671	0_2_004B7671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB673	0_2_004DB673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF609	0_2_004EF609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047960D	0_2_0047960D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046D60A	0_2_0046D60A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F61C	0_2_0051F61C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A161B	0_2_004A161B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD615	0_2_004DD615
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045B632	0_2_0045B632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004976C5	0_2_004976C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005196C5	0_2_005196C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C56D5	0_2_004C56D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CB6EB	0_2_004CB6EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CF6E7	0_2_004CF6E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005136E6	0_2_005136E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004676FE	0_2_004676FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B36F0	0_2_004B36F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F690	0_2_0042F690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049F693	0_2_0049F693
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E9695	0_2_004E9695

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003F97C0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00404D10 appears 75 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9982796978476821
Source: file.exe	Static PE information: Section: ywhcmywm ZLIB complexity 0.9944042879674673

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004210F0 CoCreateInstance,

0_2_004210F0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1853952 > 1048576

Source: file.exe

Static PE information: Raw size of ywhcmywm is bigger than: 0x100000 < 0x19b200

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ywhcmywm:EW;xzxnvjwq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ywhcmywm:EW;xzxnvjwq:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1d458b should be: 0x1d0587

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ywhcmywm
Source: file.exe	Static PE information: section name: xzxnvjwq
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D84B push 2CEBF992h; mov dword ptr [esp], ecx	0_2_0044DB67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636078 push 3537DDBDh; mov dword ptr [esp], esp	0_2_00636180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636078 push 2CCE6056h; mov dword ptr [esp], ecx	0_2_006361A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636046 push 46CF86E1h; mov dword ptr [esp], ecx	0_2_006360E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636046 push edi; mov dword ptr [esp], esp	0_2_00636108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push edx; mov dword ptr [esp], ebp	0_2_004A058C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push eax; mov dword ptr [esp], edi	0_2_004A0608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ecx; mov dword ptr [esp], 00000075h	0_2_004A0632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ebx; mov dword ptr [esp], ecx	0_2_004A06D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ebp; mov dword ptr [esp], edx	0_2_004A072D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452074 push edi; mov dword ptr [esp], 18FA2100h	0_2_00452B23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D0009 push 59C93DE4h; mov dword ptr [esp], esi	0_2_005D005A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], esi	0_2_005C405C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 3BDA560Ah; mov dword ptr [esp], ecx	0_2_005C4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebp; mov dword ptr [esp], ecx	0_2_005C415B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], ebp	0_2_005C417B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 1A6A759Eh; mov dword ptr [esp], ebp	0_2_005C41D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], 7FE2B505h	0_2_005C4200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 2551ACB9h; mov dword ptr [esp], eax	0_2_005C42AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebx; mov dword ptr [esp], edx	0_2_005C42D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], eax	0_2_005C431C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebx; mov dword ptr [esp], esi	0_2_005C434E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 08CF5C93h; mov dword ptr [esp], edx	0_2_005C439D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 161FFC55h; mov dword ptr [esp], ecx	0_2_005C43D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 502DEE68h; mov dword ptr [esp], ebx	0_2_005C43FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], eax	0_2_005C4411
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebp; mov dword ptr [esp], esi	0_2_005C447D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 2B7B11C3h; mov dword ptr [esp], esi	0_2_005C449F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], ebx	0_2_005C4525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], ecx	0_2_005C4599
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 757E587Ch; mov dword ptr [esp], edx	0_2_005C4611

Source: file.exe	Static PE information: section name: entropy: 7.985563544091334
Source: file.exe	Static PE information: section name: ywhcmywm entropy: 7.954389595929918

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D4E4 second address: 44D4F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBEE8 second address: 5CBEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBEEC second address: 5CBF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FA638FF778Fh 0x0000000c jnc 00007FA638FF7786h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3A3 second address: 5CB3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3A7 second address: 5CB3AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3AB second address: 5CB3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3B3 second address: 5CB3B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB52A second address: 5CB53C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1AAh 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB53C second address: 5CB57E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop edi 0x00000008 push ebx 0x00000009 jmp 00007FA638FF778Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF7792h 0x00000015 jmp 00007FA638FF7799h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE06C second address: 5CE0C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007FA638AEE1BEh 0x0000000d nop 0x0000000e mov edx, 71323B1Ch 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 mov ecx, dword ptr [ebp+122D2EB7h] 0x0000001c pop ecx 0x0000001d call 00007FA638AEE1A9h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007FA638AEE1B2h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0C1 second address: 5CE0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0C6 second address: 5CE0CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0CC second address: 5CE0D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0D0 second address: 5CE101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e push edi 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edi 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA638AEE1B7h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE101 second address: 5CE105 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEB98 second address: 5EEBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEBA6 second address: 5EEBCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FA638FF7798h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA638FF7790h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF10 second address: 5ECF38 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 jmp 00007FA638AEE1B2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA638AEE1AAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF38 second address: 5ECF3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF3C second address: 5ECF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jnl 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED1F4 second address: 5ED1FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED1FA second address: 5ED1FF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED723 second address: 5ED727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED896 second address: 5ED89B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED89B second address: 5ED8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED9F1 second address: 5ED9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED9F7 second address: 5EDA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA638FF778Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA0A second address: 5EDA1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FA638AEE1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA1A second address: 5EDA20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC77 second address: 5EDC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC7C second address: 5EDC82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC82 second address: 5EDC86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDDED second address: 5EDE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FA638FF778Fh 0x0000000f pop ecx 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDE0C second address: 5EDE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCCD3 second address: 5BCCDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCCDE second address: 5BCD11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA638AEE1A6h 0x0000000a popad 0x0000000b push ebx 0x0000000c jg 00007FA638AEE1A6h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 jg 00007FA638AEE1A8h 0x0000001b push edi 0x0000001c jmp 00007FA638AEE1B3h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5C83 second address: 5F5C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F49FF second address: 5F4A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5202 second address: 5F5206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5206 second address: 5F5232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA638AEE1B1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F632A second address: 5F635A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007FA638FF7799h 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F64BF second address: 5F64C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCD03 second address: 5FCD0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA638FF7786h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD16D second address: 5FD171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD471 second address: 5FD482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FA638FF7786h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD482 second address: 5FD496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1AAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6B0 second address: 5FE6B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6B7 second address: 5FE6D7 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA638AEE1ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop esi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6D7 second address: 5FE6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6DC second address: 5FE6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6E2 second address: 5FE6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6E6 second address: 5FE70B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE70B second address: 5FE70F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEAB7 second address: 5FEABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBBD second address: 5FEBC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBC1 second address: 5FEBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FA638AEE1ACh 0x0000000c jnl 00007FA638AEE1A6h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jns 00007FA638AEE1ACh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBE3 second address: 5FEBFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA638FF7796h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEC87 second address: 5FECA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA638AEE1B7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FECA5 second address: 5FECB3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFAA6 second address: 5FFAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFAB2 second address: 5FFAB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFF9C second address: 5FFFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 601AE3 second address: 601B62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638FF778Dh 0x00000008 jc 00007FA638FF7786h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007FA638FF7788h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e jmp 00007FA638FF7799h 0x00000033 or dword ptr [ebp+122D2A48h], ecx 0x00000039 push 00000000h 0x0000003b jmp 00007FA638FF7790h 0x00000040 push 00000000h 0x00000042 mov di, 0AF6h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jo 00007FA638FF778Ch 0x0000004f jp 00007FA638FF7786h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603105 second address: 60310B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60310B second address: 603132 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d mov dword ptr [ebp+12480CE0h], ecx 0x00000013 push 00000000h 0x00000015 jbe 00007FA638FF778Ch 0x0000001b mov dword ptr [ebp+122D3C9Bh], ecx 0x00000021 xchg eax, ebx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60234B second address: 602352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 602352 second address: 602357 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C0D second address: 603C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C2B second address: 603C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C30 second address: 603C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092F1 second address: 6092F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092F5 second address: 6092FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092FB second address: 60934C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FA638FF7788h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 jmp 00007FA638FF778Dh 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 mov dword ptr [ebp+122D31ABh], ecx 0x00000039 pop ebx 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jc 00007FA638FF7786h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60934C second address: 60935B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A33E second address: 60A358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA638FF7796h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A358 second address: 60A36A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007FA638AEE1AEh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B26A second address: 60B26E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60949D second address: 6094A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094A1 second address: 6094A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094A7 second address: 6094AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4F0 second address: 60B4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C38A second address: 60C38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4F6 second address: 60B4FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D177 second address: 60D1DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov di, 4461h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FA638AEE1A8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D397Ah], eax 0x00000031 mov ebx, dword ptr [ebp+122D1CB9h] 0x00000037 push 00000000h 0x00000039 xor dword ptr [ebp+122D3CA8h], edx 0x0000003f xchg eax, esi 0x00000040 pushad 0x00000041 jns 00007FA638AEE1BAh 0x00000047 push eax 0x00000048 push edx 0x00000049 jns 00007FA638AEE1A6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C38E second address: 60C399 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FA638FF7786h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4FA second address: 60B50D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D1DE second address: 60D1E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B50D second address: 60B517 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B517 second address: 60B51D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E193 second address: 60E197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E197 second address: 60E19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E19D second address: 60E1A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E509 second address: 60E528 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638FF778Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E528 second address: 60E52C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6104B0 second address: 6104D4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007FA638FF7786h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF7794h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6143C6 second address: 6143D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611594 second address: 61159A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 614567 second address: 61456D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61542E second address: 615432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615432 second address: 61543C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616399 second address: 61639D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61639D second address: 6163A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6155A9 second address: 6155AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6155AD second address: 6155B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617462 second address: 617466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617466 second address: 6174EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA638AEE1B6h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FA638AEE1A8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D1904h], edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007FA638AEE1A8h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 mov bh, 7Bh 0x0000004b push 00000000h 0x0000004d mov ebx, 73905F70h 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 jnp 00007FA638AEE1B4h 0x0000005b jmp 00007FA638AEE1AEh 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6174EF second address: 617509 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA638FF7788h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA638FF778Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617509 second address: 61750E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6183D7 second address: 6183E1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61855F second address: 618564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61FCA9 second address: 61FCAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6D39 second address: 5C6D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F437 second address: 61F45D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jbe 00007FA638FF7786h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FA638FF778Eh 0x00000015 jng 00007FA638FF7786h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626F50 second address: 626F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628593 second address: 6285C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7798h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FA638FF7794h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285C5 second address: 6285C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C0DC second address: 62C127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF7790h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA638FF7792h 0x00000014 pop edx 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007FA638FF778Dh 0x0000001c jmp 00007FA638FF778Ah 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C68D second address: 62C6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA638AEE1AFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6B8 second address: 62C6BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6BC second address: 62C6CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA638AEE1A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6CA second address: 62C6DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CD73 second address: 62CD77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CD77 second address: 62CD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FA638FF7786h 0x0000000e jmp 00007FA638FF778Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CF4C second address: 62CF56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CF56 second address: 62CF6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jnp 00007FA638FF7786h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D228 second address: 62D244 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638AEE1AAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D244 second address: 62D256 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D256 second address: 62D28E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B4h 0x00000007 pushad 0x00000008 jc 00007FA638AEE1A6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007FA638AEE1AAh 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e jnl 00007FA638AEE1A6h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C02FF second address: 5C0351 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 jmp 00007FA638FF7798h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF778Dh 0x00000015 jmp 00007FA638FF7799h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0351 second address: 5C0369 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0369 second address: 5C0373 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA638FF77A4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63213E second address: 632152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632152 second address: 632184 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FA638FF778Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA638FF7792h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632184 second address: 63218E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6325D6 second address: 6325E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632718 second address: 632729 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632729 second address: 63272F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63272F second address: 632778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA638AEE1AAh 0x0000000a jnp 00007FA638AEE1B7h 0x00000010 jmp 00007FA638AEE1AFh 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jg 00007FA638AEE1A6h 0x00000021 jmp 00007FA638AEE1B8h 0x00000026 pop esi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632778 second address: 632796 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7799h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632A36 second address: 632A4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632BBD second address: 632BC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632BC2 second address: 632BC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632EBE second address: 632ECA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632ECA second address: 632ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E33D8 second address: 5E33EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FA638FF778Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635135 second address: 635139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635139 second address: 63513D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63513D second address: 635149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4820 second address: 5B4829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4829 second address: 5B4833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A416 second address: 63A434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA638FF7786h 0x0000000a jmp 00007FA638FF778Eh 0x0000000f popad 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A434 second address: 63A439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A439 second address: 63A44A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA638FF7786h 0x00000009 jnp 00007FA638FF7786h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A44A second address: 63A450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63900C second address: 63901A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnp 00007FA638FF7786h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63901A second address: 63902D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA638AEE1ACh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639C57 second address: 639C5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639C5B second address: 639C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639D90 second address: 639D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639EC1 second address: 639EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64443F second address: 644443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644443 second address: 64446E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007FA638AEE1A6h 0x00000010 js 00007FA638AEE1A6h 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jnc 00007FA638AEE1A6h 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60658D second address: 606591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606591 second address: 60659B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6067F4 second address: 6067F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6067F8 second address: 6067FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C6B second address: 606C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C6F second address: 606C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FA638AEE1A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C82 second address: 606CC0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FA638FF7796h 0x00000010 pop esi 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007FA638FF778Bh 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jnp 00007FA638FF7788h 0x00000025 push edx 0x00000026 pop edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6070BA second address: 6070C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA638AEE1A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644742 second address: 644765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FA638FF7786h 0x0000000d jmp 00007FA638FF7796h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C0 second address: 6448C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C4 second address: 6448C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C8 second address: 6448DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA638AEE1AEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448DE second address: 6448F4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA638FF778Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448F4 second address: 644904 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FA638AEE1A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644904 second address: 644908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644A75 second address: 644A90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B5h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644A90 second address: 644AAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7794h 0x00000007 push esi 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644D22 second address: 644D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644D26 second address: 644D36 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA638FF7786h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644EA2 second address: 644EAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA638AEE1A6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644EAE second address: 644EBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645148 second address: 64514E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64514E second address: 645158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645158 second address: 645162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645162 second address: 645181 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7797h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2C9F second address: 5B2CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2CA3 second address: 5B2CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2CA7 second address: 5B2CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FA638AEE1AEh 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64A88F second address: 64A894 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E586 second address: 64E58A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E58A second address: 64E58E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E58E second address: 64E599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9648 second address: 5B964C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B964C second address: 5B9655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64DCFE second address: 64DD0B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push edx 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E2C8 second address: 64E2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA638AEE1B8h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E2E7 second address: 64E2EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652AAE second address: 652AC3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA638AEE1ACh 0x00000008 js 00007FA638AEE1A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652AC3 second address: 652ACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652C2B second address: 652C44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638AEE1B4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652D8C second address: 652DA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FA638FF778Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652DA5 second address: 652DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652DAB second address: 652DB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6072CD second address: 6072E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 jnc 00007FA638AEE1A8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6072E2 second address: 607319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov ecx, dword ptr [ebp+122D318Ah] 0x00000011 push 00000004h 0x00000013 nop 0x00000014 jmp 00007FA638FF7794h 0x00000019 push eax 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607319 second address: 60731D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B61 second address: 657B66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B66 second address: 657B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1AAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B76 second address: 657B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C388E second address: 5C38A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007FA638AEE1A6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C38A3 second address: 5C38B7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA638FF7786h 0x00000008 jnl 00007FA638FF7786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C38B7 second address: 5C38BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657039 second address: 657071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7792h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638FF778Bh 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007FA638FF778Eh 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657071 second address: 657077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65744D second address: 657451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657451 second address: 657457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657457 second address: 657482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA638FF7794h 0x0000000e jmp 00007FA638FF778Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657482 second address: 657494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ADh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657494 second address: 6574A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA638FF7786h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 660607 second address: 660620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA638AEE1B3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65E5FA second address: 65E600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65E600 second address: 65E606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EC1B second address: 65EC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF2B second address: 65EF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF33 second address: 65EF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F4FD second address: 65F535 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638AEE1B1h 0x0000000e pop esi 0x0000000f jng 00007FA638AEE1BEh 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7DA second address: 65F7EF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638FF7786h 0x00000008 jne 00007FA638FF7786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7EF second address: 65F7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7F4 second address: 65F81A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA638FF7788h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007FA638FF7796h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FABC second address: 65FAC1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66006D second address: 660085 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FA638FF7786h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66363E second address: 663688 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FA638AEE1C0h 0x0000000d jnc 00007FA638AEE1BFh 0x00000013 jmp 00007FA638AEE1B3h 0x00000018 jno 00007FA638AEE1A6h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663688 second address: 66368C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66368C second address: 663692 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AC2 second address: 663AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnl 00007FA638FF7792h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AD9 second address: 663AF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FA638AEE1A6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638AEE1B2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AF9 second address: 663AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C1E81 second address: 5C1E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jc 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E277 second address: 66E27C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E27C second address: 66E286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6B4 second address: 66E6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6B8 second address: 66E6D6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FA638AEE1AEh 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6D6 second address: 66E6DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E8D2 second address: 66E8EF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007FA638AEE1A6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA638AEE1ABh 0x00000011 jnl 00007FA638AEE1A6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE4A second address: 66EE50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66DCFC second address: 66DD04 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 673CB8 second address: 673CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD1F second address: 67CD2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD2F second address: 67CD33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD33 second address: 67CD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67C763 second address: 67C769 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67C769 second address: 67C790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FA638AEE1A6h 0x0000000e jmp 00007FA638AEE1B9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CA51 second address: 67CA7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 pushad 0x00000008 jp 00007FA638FF7786h 0x0000000e jmp 00007FA638FF7796h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED46 second address: 67ED5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED5C second address: 67ED73 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA638FF778Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED73 second address: 67EDB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638AEE1B4h 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FA638AEE1B9h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 je 00007FA638AEE1A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A884 second address: 68A88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A88A second address: 68A8D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638AEE1ADh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638AEE1B9h 0x00000015 ja 00007FA638AEE1A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE883 second address: 5BE8A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638FF7792h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A58C second address: 68A596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68DE2B second address: 68DE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Bh 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FA638FF7799h 0x00000012 jmp 00007FA638FF7796h 0x00000017 popad 0x00000018 pop edi 0x00000019 pushad 0x0000001a jne 00007FA638FF7792h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68DE86 second address: 68DE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D8B6 second address: 68D8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Fh 0x00000009 popad 0x0000000a pop ecx 0x0000000b push ecx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69BCFC second address: 69BD00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03E5 second address: 6A03EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03EB second address: 6A03F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03F5 second address: 6A03FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA638FF7786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5D73 second address: 6A5D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA638AEE1B2h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5D7F second address: 6A5D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA638FF7786h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4574 second address: 6A4578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A49CF second address: 6A49F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA638FF7786h 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638FF778Fh 0x00000013 jng 00007FA638FF778Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A49F8 second address: 6A4A02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4C88 second address: 6A4C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4C8C second address: 6A4CA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4CA2 second address: 6A4CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4DF0 second address: 6A4DF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4DF5 second address: 6A4E1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FA638FF7793h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638FF778Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4FFA second address: 6A5006 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA638AEE1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5006 second address: 6A501C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638FF778Fh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5A89 second address: 6A5AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push esi 0x00000007 jng 00007FA638AEE1B5h 0x0000000d pushad 0x0000000e jne 00007FA638AEE1A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97D9 second address: 6A97DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97DD second address: 6A97EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 js 00007FA638AEE1A6h 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97EB second address: 6A9836 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FA638FF7786h 0x00000009 jmp 00007FA638FF778Fh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007FA638FF778Ah 0x0000001b js 00007FA638FF779Eh 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A9362 second address: 6A9367 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A9367 second address: 6A9388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jg 00007FA638FF7786h 0x00000012 jg 00007FA638FF7786h 0x00000018 popad 0x00000019 jns 00007FA638FF7788h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7C2D second address: 6B7C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7F94 second address: 6C7F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7C1B second address: 5B7C21 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7C21 second address: 5B7C2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA638FF7786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA645 second address: 6CA649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA649 second address: 6CA65C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jl 00007FA638FF77CDh 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA65C second address: 6CA691 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FA638AEE1B9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0E31 second address: 6E0E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0E3D second address: 6E0E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DFD72 second address: 6DFD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DFD78 second address: 6DFD82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0015 second address: 6E001D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E001D second address: 6E0023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02E9 second address: 6E02ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02ED second address: 6E02F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02F5 second address: 6E0309 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c js 00007FA638FF7786h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0861 second address: 6E0865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0865 second address: 6E088B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007FA638FF7791h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0B6A second address: 6E0B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E394D second address: 6E3964 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007FA638FF7786h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jc 00007FA638FF77A7h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E39F4 second address: 6E3A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A02 second address: 6E3A3A instructions: 0x00000000 rdtsc 0x00000002 je 00007FA638FF7788h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FA638FF778Bh 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 jmp 00007FA638FF7796h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A3A second address: 6E3A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A3E second address: 6E3A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A4F second address: 6E3A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A53 second address: 6E3A59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3C69 second address: 6E3CDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA638AEE1B9h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jnp 00007FA638AEE1ACh 0x00000014 call 00007FA638AEE1B6h 0x00000019 mov edx, dword ptr [ebp+122D2D2Bh] 0x0000001f pop edx 0x00000020 push dword ptr [ebp+124553BBh] 0x00000026 call 00007FA638AEE1AAh 0x0000002b mov dword ptr [ebp+122D1843h], edx 0x00000031 pop edx 0x00000032 call 00007FA638AEE1A9h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CDA second address: 6E3CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CDE second address: 6E3CE8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CE8 second address: 6E3CFB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA638FF7788h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E850D second address: 6E8531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1ABh 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638AEE1B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E8531 second address: 6E853B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E853B second address: 6E854F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1AFh 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 601910 second address: 601916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 44CD46 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61C625 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6067AF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 67F6C3 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044C9E9 rdtsc

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 2828	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3876	Thread sleep time: -30000s >= -30000s			Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2092577797.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093855277.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093647788.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Hides threads from debuggers

Anti Debugging

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044C9E9 rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0042D770 LdrInitializeThunk,

0_2_0042D770

Source: file.exe, file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Antivirus / Scanner detection for submitted sample

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
172.67.187.240	occupy-blushi.sbs	United States		13335	CLOUDFLARENETUS	false

Contacted Domains

Name	IP	Active
occupy-blushi.sbs	172.67.187.240	true
property-imper.sbs	unknown	unknown
frogs-severz.sbs	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://occupy-blushi.sbs/api	false		high

AV Detection

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: https://occupy-blushi.sbs:443/apiyG	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/apiws~	Avira URL Cloud: Label: malware
Source: https://occupy-blushi.sbs/api=	Avira URL Cloud: Label: malware

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Found inlined nop instructions (likely shell or obfuscated code)

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: unknown

HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.5:49704 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esp+eax-63695966h]	0_2_003FC110
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, cx	0_2_00428440
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov al, 01h	0_2_0042DF42
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax]	0_2_004180FF
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esi+edx]	0_2_0041A190
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp al, 2Eh	0_2_00416369
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebp, eax	0_2_003F6410
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00418498
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_0040649B
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then push 00000000h	0_2_00418530
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_0040C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [esi], cx	0_2_0040C5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [eax+edx]	0_2_0040E690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ecx+edi*8], 484CE391h	0_2_004307F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+ecx+34h]	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax-000000ADh]	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, word ptr [esp+0Ch]	0_2_0040C9F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, ecx	0_2_004069B8
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edx+ecx*8], 4F699CD4h	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebp, word ptr [eax]	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, dl	0_2_0040ABBA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [esp+ecx-102B7BDCh]	0_2_0040ECC0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp]	0_2_003F8CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edi, byte ptr [esp+ecx+04h]	0_2_00428CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax-06409A34h]	0_2_00406E62
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042EF50
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+ecx+30h]	0_2_0040B0C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+edx+000000E8h]	0_2_003FF1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, edx	0_2_0041719F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_0040B3E1
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_0041D38F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edi]	0_2_0041D398
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], cl	0_2_0041B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], al	0_2_0041B472
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [ebx+eax+2D31F2E0h]	0_2_003FB46C
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 845FA972h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx esi, byte ptr [esp+eax+04h]	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [edi+esi*8], 1B6183F2h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 8869E8E9h	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_003FB63A
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then inc ebx	0_2_0042F690
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebp+esi*8+00h], E6C7F7C6h	0_2_0042B7C0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [esi], al	0_2_0040B804
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ebx, byte ptr [edx]	0_2_004258F0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp word ptr [ebp+edi+02h], 0000h	0_2_00411890
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx ecx, byte ptr [esi+eax-4A2D609Fh]	0_2_0041D8BE
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+eax-4A2D609Fh]	0_2_0041D9C3
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esp+eax+34h]	0_2_004059CA
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ecx, eax	0_2_00411AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov word ptr [eax], cx	0_2_00411AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [ebx], cl	0_2_0041DAB4
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov ebx, dword ptr [edi+04h]	0_2_00419BB0
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then add ecx, edi	0_2_0041BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov byte ptr [edi], al	0_2_0041BC5F
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp byte ptr [esi+ecx], 00000000h	0_2_0040DC60
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov dword ptr [esp], ecx	0_2_003FDC10
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then cmp dword ptr [ebx+edx*8], 1CE638E1h	0_2_0042FF70
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then movzx edx, byte ptr [esi+edi]	0_2_003F1F40
Source: C:\Users\user\Desktop\file.exe	Code function: 4x nop then mov eax, dword ptr [esp+18h]	0_2_00427FD0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2049836 - Severity 1 - ET MALWARE Lumma Stealer Related Activity : 192.168.2.5:49704 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2054653 - Severity 1 - ET MALWARE Lumma Stealer CnC Host Checkin : 192.168.2.5:49704 -> 172.67.187.240:443

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 172.67.187.240 172.67.187.240

JA3 SSL client fingerprint seen in connection with other malware

Source: Joe Sandbox View

JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49705 -> 172.67.187.240:443
Source: Network traffic	Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.5:49704 -> 172.67.187.240:443

Uses a known web browser user agent for HTTP communication

Source: global traffic

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: property-imper.sbs
Source: global traffic	DNS traffic detected: DNS query: frogs-severz.sbs
Source: global traffic	DNS traffic detected: DNS query: occupy-blushi.sbs

Source: unknown

Source: file.exe, 00000000.00000003.2092494473.0000000000D2F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micro
Source: file.exe, 00000000.00000002.2093914762.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2092494473.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/
Source: file.exe, 00000000.00000002.2093914762.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2092494473.0000000000D3B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093647788.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api
Source: file.exe, 00000000.00000002.2093647788.0000000000CB8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/api=
Source: file.exe, 00000000.00000003.2092577797.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093855277.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs/apiws~
Source: file.exe, 00000000.00000002.2093647788.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/api
Source: file.exe, 00000000.00000002.2093647788.0000000000CC1000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://occupy-blushi.sbs:443/apiyG

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704

Source: unknown

HTTPS traffic detected: 172.67.187.240:443 -> 192.168.2.5:49704 version: TLS 1.2

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC110	0_2_003FC110
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428440	0_2_00428440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FB95B	0_2_003FB95B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F9FC0	0_2_003F9FC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050604B	0_2_0050604B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508074	0_2_00508074
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC067	0_2_004FC067
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061	0_2_004A0061
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C407D	0_2_004C407D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A011	0_2_0045A011
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035	0_2_005C4035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE038	0_2_004CE038
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492030	0_2_00492030
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004780CC	0_2_004780CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A0D8	0_2_0048A0D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005360EA	0_2_005360EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004180FF	0_2_004180FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045C081	0_2_0045C081
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E09A	0_2_0052E09A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A09D	0_2_0049A09D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045809C	0_2_0045809C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E20AE	0_2_004E20AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004280A0	0_2_004280A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F00A5	0_2_004F00A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005140A5	0_2_005140A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004760BA	0_2_004760BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052A151	0_2_0052A151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00468141	0_2_00468141
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6140	0_2_004A6140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405F12	0_2_00405F12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8179	0_2_004B8179
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046610E	0_2_0046610E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F411D	0_2_004F411D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C11E	0_2_0046C11E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538109	0_2_00538109
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456118	0_2_00456118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8120	0_2_004F8120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00532128	0_2_00532128
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047013A	0_2_0047013A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C1CC	0_2_0047C1CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047A1E2	0_2_0047A1E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004961E1	0_2_004961E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004981F8	0_2_004981F8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA188	0_2_004AA188
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049418A	0_2_0049418A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC185	0_2_004AC185
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520182	0_2_00520182
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8192	0_2_004C8192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC1A8	0_2_004EC1A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C1A2	0_2_0048C1A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005241A6	0_2_005241A6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E01B8	0_2_004E01B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534246	0_2_00534246
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00482260	0_2_00482260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8264	0_2_004D8264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00490275	0_2_00490275
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA217	0_2_004FA217
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC233	0_2_004CC233
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005022DA	0_2_005022DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004722DD	0_2_004722DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E2FE	0_2_0050E2FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005182FF	0_2_005182FF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC2FE	0_2_004BC2FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B228D	0_2_004B228D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E82BA	0_2_004E82BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046034B	0_2_0046034B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464357	0_2_00464357
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416369	0_2_00416369
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00530378	0_2_00530378
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CA372	0_2_004CA372
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052431E	0_2_0052431E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A303	0_2_0050A303
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA31C	0_2_004BA31C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6312	0_2_004A6312
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC320	0_2_004AC320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005063D4	0_2_005063D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E3CF	0_2_0046E3CF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004863C6	0_2_004863C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045E3D0	0_2_0045E3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004883D4	0_2_004883D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C63FD	0_2_004C63FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8383	0_2_004B8383
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C239B	0_2_004C239B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E43AA	0_2_004E43AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE3A2	0_2_004CE3A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051044B	0_2_0051044B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F046E	0_2_004F046E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052E473	0_2_0052E473
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6410	0_2_003F6410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049E40F	0_2_0049E40F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2401	0_2_004E2401
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4414	0_2_004C4414
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402422	0_2_00402422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049243B	0_2_0049243B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2438	0_2_004A2438
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005284DA	0_2_005284DA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FA4C6	0_2_004FA4C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE4C4	0_2_004EE4C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C84DD	0_2_004C84DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F44A0	0_2_003F44A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005AE4FD	0_2_005AE4FD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B84F4	0_2_004B84F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE49A	0_2_004AE49A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049A49E	0_2_0049A49E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050248E	0_2_0050248E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496496	0_2_00496496
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005384BE	0_2_005384BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004624B7	0_2_004624B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00494556	0_2_00494556
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430560	0_2_00430560
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00470575	0_2_00470575
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8572	0_2_004A8572
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FE507	0_2_004FE507
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EA504	0_2_004EA504
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B4534	0_2_004B4534
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047C5C7	0_2_0047C5C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F45C1	0_2_004F45C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C5DE	0_2_0048C5DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D05D6	0_2_004D05D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DC5EC	0_2_004DC5EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005325FE	0_2_005325FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F6587	0_2_004F6587
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8581	0_2_004F8581
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA5A8	0_2_004AA5A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004685B5	0_2_004685B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EC645	0_2_004EC645
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538642	0_2_00538642
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CE66E	0_2_004CE66E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462607	0_2_00462607
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049862C	0_2_0049862C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E62B	0_2_0047E62B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500627	0_2_00500627
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004806EE	0_2_004806EE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FC680	0_2_003FC680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478680	0_2_00478680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050868F	0_2_0050868F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC6A7	0_2_004CC6A7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052C6A3	0_2_0052C6A3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004266BA	0_2_004266BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048475A	0_2_0048475A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048675B	0_2_0048675B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2755	0_2_004E2755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046E77E	0_2_0046E77E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC717	0_2_004AC717
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00464722	0_2_00464722
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051673E	0_2_0051673E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051872F	0_2_0051872F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A27DC	0_2_004A27DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A87DD	0_2_004A87DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004187D9	0_2_004187D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D47ED	0_2_004D47ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C7E3	0_2_0051C7E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004307F0	0_2_004307F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041C7F9	0_2_0041C7F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BC7F3	0_2_004BC7F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050E7EC	0_2_0050E7EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0782	0_2_004C0782
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049E799	0_2_0049E799
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534780	0_2_00534780
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B279E	0_2_004B279E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DA795	0_2_004DA795
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C67AD	0_2_004C67AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A07A5	0_2_004A07A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D27B4	0_2_004D27B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E87B4	0_2_004E87B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00502852	0_2_00502852
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A840	0_2_0045A840
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D884B	0_2_004D884B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046284D	0_2_0046284D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472867	0_2_00472867
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041B455	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F881B	0_2_004F881B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BA83F	0_2_004BA83F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004948DC	0_2_004948DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004668E6	0_2_004668E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004968E7	0_2_004968E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051E8EB	0_2_0051E8EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406882	0_2_00406882
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048C89D	0_2_0048C89D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051A889	0_2_0051A889
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F08AB	0_2_004F08AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FA8C0	0_2_003FA8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00402940	0_2_00402940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050A95D	0_2_0050A95D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D6951	0_2_004D6951
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416962	0_2_00416962
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528975	0_2_00528975
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051297C	0_2_0051297C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048A97B	0_2_0048A97B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048E97E	0_2_0048E97E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B8902	0_2_004B8902
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053291C	0_2_0053291C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CC918	0_2_004CC918
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F6960	0_2_003F6960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492921	0_2_00492921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EE927	0_2_004EE927
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C2921	0_2_004C2921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8921	0_2_004F8921
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FC93C	0_2_004FC93C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047693D	0_2_0047693D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050C92B	0_2_0050C92B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005A69CC	0_2_005A69CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AE9F7	0_2_004AE9F7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F498A	0_2_004F498A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051C980	0_2_0051C980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8994	0_2_004C8994
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B49AA	0_2_004B49AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC9AD	0_2_004AC9AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045A9B4	0_2_0045A9B4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E29BD	0_2_004E29BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004689B3	0_2_004689B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004069B8	0_2_004069B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6A4D	0_2_004A6A4D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524A5B	0_2_00524A5B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045CA5F	0_2_0045CA5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCA6D	0_2_004DCA6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500A62	0_2_00500A62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0A72	0_2_004D0A72
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AA03	0_2_0046AA03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498A01	0_2_00498A01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522A18	0_2_00522A18
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2A1B	0_2_004B2A1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474A12	0_2_00474A12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00534A25	0_2_00534A25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00430AC0	0_2_00430AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00518AC6	0_2_00518AC6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476AF5	0_2_00476AF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ACA93	0_2_004ACA93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050AA8C	0_2_0050AA8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520A8C	0_2_00520A8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DEABD	0_2_004DEABD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538B63	0_2_00538B63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00516B14	0_2_00516B14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052CB1A	0_2_0052CB1A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00458B15	0_2_00458B15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045EB25	0_2_0045EB25
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00486B2D	0_2_00486B2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6B38	0_2_004C6B38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049EB37	0_2_0049EB37
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488BDF	0_2_00488BDF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C4BE5	0_2_004C4BE5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A2BFB	0_2_004A2BFB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BABF0	0_2_004BABF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484B9D	0_2_00484B9D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0BAD	0_2_004A0BAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504BBE	0_2_00504BBE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472C5D	0_2_00472C5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00466C58	0_2_00466C58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FAC51	0_2_004FAC51
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2C6B	0_2_004F2C6B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00456C63	0_2_00456C63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508C77	0_2_00508C77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052AC7A	0_2_0052AC7A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00460C7B	0_2_00460C7B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052EC39	0_2_0052EC39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420C30	0_2_00420C30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004ECC3D	0_2_004ECC3D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00524CF4	0_2_00524CF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005B4CE6	0_2_005B4CE6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050ECED	0_2_0050ECED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044CCFA	0_2_0044CCFA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F8CF0	0_2_003F8CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046ECA4	0_2_0046ECA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00428CA0	0_2_00428CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00538CA5	0_2_00538CA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041CCBF	0_2_0041CCBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2D4B	0_2_004B2D4B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0D47	0_2_004C0D47
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2D5F	0_2_004E2D5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049AD5E	0_2_0049AD5E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E6D6D	0_2_004E6D6D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F2D00	0_2_003F2D00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00480D01	0_2_00480D01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051ED1B	0_2_0051ED1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BED09	0_2_005BED09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D8D19	0_2_004D8D19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00522D33	0_2_00522D33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00416D2A	0_2_00416D2A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CD2D	0_2_0046CD2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FAD50	0_2_003FAD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00510D22	0_2_00510D22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AD33	0_2_0045AD33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CDC3	0_2_0047CDC3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F0DCA	0_2_004F0DCA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00474DCF	0_2_00474DCF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FCDC5	0_2_004FCDC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F2DEC	0_2_004F2DEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00498DEE	0_2_00498DEE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00454DED	0_2_00454DED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C8DE3	0_2_004C8DE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EDF0	0_2_0042EDF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00496DF3	0_2_00496DF3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00462DF9	0_2_00462DF9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00512DBF	0_2_00512DBF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D0DB8	0_2_004D0DB8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528DA5	0_2_00528DA5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00420E40	0_2_00420E40
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049CE42	0_2_0049CE42
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476E5C	0_2_00476E5C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00492E68	0_2_00492E68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406E62	0_2_00406E62
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D4E6F	0_2_004D4E6F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00508E00	0_2_00508E00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A4E19	0_2_004A4E19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DCE17	0_2_004DCE17
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6E16	0_2_004A6E16
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412E20	0_2_00412E20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046AE2D	0_2_0046AE2D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048CE33	0_2_0048CE33
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EEC0	0_2_0040EEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042AEC0	0_2_0042AEC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E2EC9	0_2_004E2EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045AECE	0_2_0045AECE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057CED8	0_2_0057CED8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CEEDE	0_2_004CEEDE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00516EC9	0_2_00516EC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00478EDC	0_2_00478EDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048AEE1	0_2_0048AEE1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046CEEA	0_2_0046CEEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D2E94	0_2_004D2E94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F4E93	0_2_004F4E93
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00520EB4	0_2_00520EB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6EA4	0_2_004B6EA4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040CF50	0_2_0040CF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042EF50	0_2_0042EF50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A8F5F	0_2_004A8F5F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00408F57	0_2_00408F57
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CF6E	0_2_0047CF6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00410F70	0_2_00410F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E4F70	0_2_004E4F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00422F00	0_2_00422F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052CF15	0_2_0052CF15
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4F60	0_2_003F4F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C6F22	0_2_004C6F22
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00528F2E	0_2_00528F2E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00500FCC	0_2_00500FCC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BCFD5	0_2_004BCFD5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00418FE0	0_2_00418FE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F8FEC	0_2_004F8FEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046EFF4	0_2_0046EFF4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E0FF2	0_2_004E0FF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00504FEC	0_2_00504FEC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00506F95	0_2_00506F95
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CCF81	0_2_004CCF81
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00488F9F	0_2_00488F9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A6FBC	0_2_004A6FBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E8FB6	0_2_004E8FB6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F04B	0_2_0048F04B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B504C	0_2_004B504C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00517046	0_2_00517046
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF06D	0_2_004FF06D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF062	0_2_004DF062
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C1078	0_2_004C1078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046307D	0_2_0046307D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D078	0_2_0045D078
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00457001	0_2_00457001
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D5010	0_2_004D5010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F0D0	0_2_0042F0D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F30A0	0_2_003F30A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047F0F1	0_2_0047F0F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C3094	0_2_004C3094
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051508D	0_2_0051508D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00415140	0_2_00415140
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481149	0_2_00481149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00503154	0_2_00503154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F155	0_2_0051F155
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00417149	0_2_00417149
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00455151	0_2_00455151
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B15D	0_2_0049B15D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00427154	0_2_00427154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB152	0_2_004BB152
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051314D	0_2_0051314D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B3154	0_2_004B3154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F3176	0_2_004F3176
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F710A	0_2_004F710A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409113	0_2_00409113
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F103	0_2_0050F103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB119	0_2_004DB119
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A3112	0_2_004A3112
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0053913F	0_2_0053913F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049F138	0_2_0049F138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00527120	0_2_00527120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B113F	0_2_004B113F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A113D	0_2_004A113D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D7134	0_2_004D7134
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B1D6	0_2_0050B1D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004871C4	0_2_004871C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD1D1	0_2_004DD1D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004691E4	0_2_004691E4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AF1E8	0_2_004AF1E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005291FE	0_2_005291FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005BD1F5	0_2_005BD1F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F1F0	0_2_0042F1F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004651F2	0_2_004651F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E31F5	0_2_004E31F5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FF1F6	0_2_003FF1F6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041719F	0_2_0041719F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F51AD	0_2_004F51AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D91A5	0_2_004D91A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004971B7	0_2_004971B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F4F60	0_2_003F4F60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048D240	0_2_0048D240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D1264	0_2_004D1264
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E720F	0_2_004E720F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049320C	0_2_0049320C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00467222	0_2_00467222
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049922F	0_2_0049922F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C5230	0_2_004C5230
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD2CD	0_2_004FD2CD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F2D0	0_2_0042F2D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A52D2	0_2_004A52D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004852E5	0_2_004852E5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B2F4	0_2_0047B2F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB2F0	0_2_004EB2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D280	0_2_0040D280
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00513294	0_2_00513294
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00433288	0_2_00433288
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00509286	0_2_00509286
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AB297	0_2_004AB297
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052D2B3	0_2_0052D2B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00537365	0_2_00537365
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00461318	0_2_00461318
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BF33E	0_2_004BF33E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF33A	0_2_004DF33A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052B3D0	0_2_0052B3D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004573CC	0_2_004573CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A73C5	0_2_004A73C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C73FB	0_2_004C73FB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FD3F2	0_2_004FD3F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F938A	0_2_004F938A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E5385	0_2_004E5385
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047D38B	0_2_0047D38B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00535387	0_2_00535387
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00429397	0_2_00429397
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041D398	0_2_0041D398
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048B3A2	0_2_0048B3A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00515443	0_2_00515443
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041B455	0_2_0041B455
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00463452	0_2_00463452
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046545E	0_2_0046545E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052744F	0_2_0052744F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0048F470	0_2_0048F470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049B470	0_2_0049B470
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D418	0_2_0045D418
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A9422	0_2_004A9422
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040742C	0_2_0040742C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D5435	0_2_004D5435
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD4CB	0_2_004BD4CB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF4C7	0_2_004EF4C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049548B	0_2_0049548B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F348D	0_2_004F348D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DF489	0_2_004DF489
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050548B	0_2_0050548B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF4BE	0_2_004FF4BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005214A5	0_2_005214A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FB4B3	0_2_004FB4B3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00413540	0_2_00413540
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045556C	0_2_0045556C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00491571	0_2_00491571
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0052F56D	0_2_0052F56D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046F501	0_2_0046F501
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00475517	0_2_00475517
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C1514	0_2_004C1514
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00477520	0_2_00477520
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050B539	0_2_0050B539
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050F527	0_2_0050F527
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004FF5CE	0_2_004FF5CE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047B5D7	0_2_0047B5D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004715E2	0_2_004715E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C35E0	0_2_004C35E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00511588	0_2_00511588
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045D59F	0_2_0045D59F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004095B0	0_2_004095B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005335A4	0_2_005335A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004875B2	0_2_004875B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004595BA	0_2_004595BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A35B5	0_2_004A35B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BD640	0_2_004BD640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051B643	0_2_0051B643
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BB672	0_2_004BB672
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7671	0_2_004B7671
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DB673	0_2_004DB673
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EF609	0_2_004EF609
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047960D	0_2_0047960D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046D60A	0_2_0046D60A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051F61C	0_2_0051F61C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A161B	0_2_004A161B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004DD615	0_2_004DD615
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0045B632	0_2_0045B632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004976C5	0_2_004976C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005196C5	0_2_005196C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C56D5	0_2_004C56D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CB6EB	0_2_004CB6EB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004CF6E7	0_2_004CF6E7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005136E6	0_2_005136E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004676FE	0_2_004676FE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B36F0	0_2_004B36F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042F690	0_2_0042F690
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049F693	0_2_0049F693
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004E9695	0_2_004E9695

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 003F97C0 appears 48 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00404D10 appears 75 times

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe	Static PE information: Section: ZLIB complexity 0.9982796978476821
Source: file.exe	Static PE information: Section: ywhcmywm ZLIB complexity 0.9944042879674673

Source: classification engine

Classification label: mal100.evad.winEXE@1/0@3/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_004210F0 CoCreateInstance,

0_2_004210F0

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe

File read: C:\Users\user\Desktop\file.exe

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: webio.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior

Source: file.exe

Static file information: File size 1853952 > 1048576

Source: file.exe

Static PE information: Raw size of ywhcmywm is bigger than: 0x100000 < 0x19b200

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.3f0000.0.unpack :EW;.rsrc:W;.idata :W; :EW;ywhcmywm:EW;xzxnvjwq:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;ywhcmywm:EW;xzxnvjwq:EW;.taggant:EW;

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1d458b should be: 0x1d0587

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ywhcmywm
Source: file.exe	Static PE information: section name: xzxnvjwq
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0044D84B push 2CEBF992h; mov dword ptr [esp], ecx	0_2_0044DB67
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636078 push 3537DDBDh; mov dword ptr [esp], esp	0_2_00636180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636078 push 2CCE6056h; mov dword ptr [esp], ecx	0_2_006361A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636046 push 46CF86E1h; mov dword ptr [esp], ecx	0_2_006360E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00636046 push edi; mov dword ptr [esp], esp	0_2_00636108
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push edx; mov dword ptr [esp], ebp	0_2_004A058C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push eax; mov dword ptr [esp], edi	0_2_004A0608
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ecx; mov dword ptr [esp], 00000075h	0_2_004A0632
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ebx; mov dword ptr [esp], ecx	0_2_004A06D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A0061 push ebp; mov dword ptr [esp], edx	0_2_004A072D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00452074 push edi; mov dword ptr [esp], 18FA2100h	0_2_00452B23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005D0009 push 59C93DE4h; mov dword ptr [esp], esi	0_2_005D005A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], esi	0_2_005C405C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 3BDA560Ah; mov dword ptr [esp], ecx	0_2_005C4130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebp; mov dword ptr [esp], ecx	0_2_005C415B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], ebp	0_2_005C417B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 1A6A759Eh; mov dword ptr [esp], ebp	0_2_005C41D7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], 7FE2B505h	0_2_005C4200
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 2551ACB9h; mov dword ptr [esp], eax	0_2_005C42AB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebx; mov dword ptr [esp], edx	0_2_005C42D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], eax	0_2_005C431C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebx; mov dword ptr [esp], esi	0_2_005C434E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 08CF5C93h; mov dword ptr [esp], edx	0_2_005C439D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 161FFC55h; mov dword ptr [esp], ecx	0_2_005C43D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 502DEE68h; mov dword ptr [esp], ebx	0_2_005C43FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ecx; mov dword ptr [esp], eax	0_2_005C4411
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push ebp; mov dword ptr [esp], esi	0_2_005C447D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 2B7B11C3h; mov dword ptr [esp], esi	0_2_005C449F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], ebx	0_2_005C4525
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push edx; mov dword ptr [esp], ecx	0_2_005C4599
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005C4035 push 757E587Ch; mov dword ptr [esp], edx	0_2_005C4611

Source: file.exe	Static PE information: section name: entropy: 7.985563544091334
Source: file.exe	Static PE information: section name: ywhcmywm entropy: 7.954389595929918

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information set: NOOPENFILEERRORBOX

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44D4E4 second address: 44D4F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBEE8 second address: 5CBEEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CBEEC second address: 5CBF09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FA638FF778Fh 0x0000000c jnc 00007FA638FF7786h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3A3 second address: 5CB3A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3A7 second address: 5CB3AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3AB second address: 5CB3B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB3B3 second address: 5CB3B9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB52A second address: 5CB53C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1AAh 0x00000009 popad 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CB53C second address: 5CB57E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop edi 0x00000008 push ebx 0x00000009 jmp 00007FA638FF778Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF7792h 0x00000015 jmp 00007FA638FF7799h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE06C second address: 5CE0C1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnc 00007FA638AEE1BEh 0x0000000d nop 0x0000000e mov edx, 71323B1Ch 0x00000013 push 00000000h 0x00000015 push esi 0x00000016 mov ecx, dword ptr [ebp+122D2EB7h] 0x0000001c pop ecx 0x0000001d call 00007FA638AEE1A9h 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 jmp 00007FA638AEE1B2h 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0C1 second address: 5CE0C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0C6 second address: 5CE0CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0CC second address: 5CE0D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE0D0 second address: 5CE101 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d pop edx 0x0000000e push edi 0x0000000f push edx 0x00000010 pop edx 0x00000011 pop edi 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007FA638AEE1B7h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CE101 second address: 5CE105 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEB98 second address: 5EEBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EEBA6 second address: 5EEBCD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jc 00007FA638FF7798h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FA638FF7790h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF10 second address: 5ECF38 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 jmp 00007FA638AEE1B2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA638AEE1AAh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF38 second address: 5ECF3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ECF3C second address: 5ECF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jnl 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED1F4 second address: 5ED1FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED1FA second address: 5ED1FF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED723 second address: 5ED727 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED896 second address: 5ED89B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED89B second address: 5ED8A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED9F1 second address: 5ED9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5ED9F7 second address: 5EDA0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA638FF778Ah 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA0A second address: 5EDA1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007FA638AEE1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDA1A second address: 5EDA20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC77 second address: 5EDC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC7C second address: 5EDC82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDC82 second address: 5EDC86 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDDED second address: 5EDE0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 push ecx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a jmp 00007FA638FF778Fh 0x0000000f pop ecx 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5EDE0C second address: 5EDE12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCCD3 second address: 5BCCDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BCCDE second address: 5BCD11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA638AEE1A6h 0x0000000a popad 0x0000000b push ebx 0x0000000c jg 00007FA638AEE1A6h 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 jg 00007FA638AEE1A8h 0x0000001b push edi 0x0000001c jmp 00007FA638AEE1B3h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5C83 second address: 5F5C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F49FF second address: 5F4A04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5202 second address: 5F5206 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F5206 second address: 5F5232 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jno 00007FA638AEE1B1h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F632A second address: 5F635A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e jmp 00007FA638FF7799h 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5F64BF second address: 5F64C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FCD03 second address: 5FCD0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA638FF7786h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD16D second address: 5FD171 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD471 second address: 5FD482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FA638FF7786h 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FD482 second address: 5FD496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1AAh 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6B0 second address: 5FE6B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6B7 second address: 5FE6D7 instructions: 0x00000000 rdtsc 0x00000002 js 00007FA638AEE1ACh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push esi 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop edx 0x00000010 pop esi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 push ebx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6D7 second address: 5FE6DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6DC second address: 5FE6E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6E2 second address: 5FE6E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE6E6 second address: 5FE70B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [eax] 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FE70B second address: 5FE70F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEAB7 second address: 5FEABB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBBD second address: 5FEBC1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBC1 second address: 5FEBE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007FA638AEE1ACh 0x0000000c jnl 00007FA638AEE1A6h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jns 00007FA638AEE1ACh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEBE3 second address: 5FEBFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA638FF7796h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FEC87 second address: 5FECA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA638AEE1B7h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FECA5 second address: 5FECB3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFAA6 second address: 5FFAB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFAB2 second address: 5FFAB8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5FFF9C second address: 5FFFA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 601AE3 second address: 601B62 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638FF778Dh 0x00000008 jc 00007FA638FF7786h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], eax 0x00000014 push 00000000h 0x00000016 push edx 0x00000017 call 00007FA638FF7788h 0x0000001c pop edx 0x0000001d mov dword ptr [esp+04h], edx 0x00000021 add dword ptr [esp+04h], 00000015h 0x00000029 inc edx 0x0000002a push edx 0x0000002b ret 0x0000002c pop edx 0x0000002d ret 0x0000002e jmp 00007FA638FF7799h 0x00000033 or dword ptr [ebp+122D2A48h], ecx 0x00000039 push 00000000h 0x0000003b jmp 00007FA638FF7790h 0x00000040 push 00000000h 0x00000042 mov di, 0AF6h 0x00000046 push eax 0x00000047 push eax 0x00000048 push edx 0x00000049 jo 00007FA638FF778Ch 0x0000004f jp 00007FA638FF7786h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603105 second address: 60310B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60310B second address: 603132 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d mov dword ptr [ebp+12480CE0h], ecx 0x00000013 push 00000000h 0x00000015 jbe 00007FA638FF778Ch 0x0000001b mov dword ptr [ebp+122D3C9Bh], ecx 0x00000021 xchg eax, ebx 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 popad 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60234B second address: 602352 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 602352 second address: 602357 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C0D second address: 603C2B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B9h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C2B second address: 603C30 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 603C30 second address: 603C36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092F1 second address: 6092F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092F5 second address: 6092FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6092FB second address: 60934C instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f push 00000000h 0x00000011 push ebp 0x00000012 call 00007FA638FF7788h 0x00000017 pop ebp 0x00000018 mov dword ptr [esp+04h], ebp 0x0000001c add dword ptr [esp+04h], 00000017h 0x00000024 inc ebp 0x00000025 push ebp 0x00000026 ret 0x00000027 pop ebp 0x00000028 ret 0x00000029 jmp 00007FA638FF778Dh 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edi 0x00000033 mov dword ptr [ebp+122D31ABh], ecx 0x00000039 pop ebx 0x0000003a push eax 0x0000003b pushad 0x0000003c push eax 0x0000003d push edx 0x0000003e jc 00007FA638FF7786h 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60934C second address: 60935B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A33E second address: 60A358 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA638FF7796h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60A358 second address: 60A36A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007FA638AEE1AEh 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B26A second address: 60B26E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60949D second address: 6094A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094A1 second address: 6094A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6094A7 second address: 6094AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4F0 second address: 60B4F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C38A second address: 60C38E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4F6 second address: 60B4FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D177 second address: 60D1DE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov di, 4461h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007FA638AEE1A8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D397Ah], eax 0x00000031 mov ebx, dword ptr [ebp+122D1CB9h] 0x00000037 push 00000000h 0x00000039 xor dword ptr [ebp+122D3CA8h], edx 0x0000003f xchg eax, esi 0x00000040 pushad 0x00000041 jns 00007FA638AEE1BAh 0x00000047 push eax 0x00000048 push edx 0x00000049 jns 00007FA638AEE1A6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60C38E second address: 60C399 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FA638FF7786h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B4FA second address: 60B50D instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60D1DE second address: 60D1E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B50D second address: 60B517 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60B517 second address: 60B51D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E193 second address: 60E197 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E197 second address: 60E19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E19D second address: 60E1A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E509 second address: 60E528 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638FF778Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60E528 second address: 60E52C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6104B0 second address: 6104D4 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jno 00007FA638FF7786h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF7794h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6143C6 second address: 6143D5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pushad 0x0000000d popad 0x0000000e pop esi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 611594 second address: 61159A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 614567 second address: 61456D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61542E second address: 615432 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 615432 second address: 61543C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 616399 second address: 61639D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61639D second address: 6163A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6155A9 second address: 6155AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6155AD second address: 6155B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617462 second address: 617466 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617466 second address: 6174EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FA638AEE1B6h 0x0000000b popad 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push eax 0x00000010 call 00007FA638AEE1A8h 0x00000015 pop eax 0x00000016 mov dword ptr [esp+04h], eax 0x0000001a add dword ptr [esp+04h], 0000001Ah 0x00000022 inc eax 0x00000023 push eax 0x00000024 ret 0x00000025 pop eax 0x00000026 ret 0x00000027 sub dword ptr [ebp+122D1904h], edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push esi 0x00000032 call 00007FA638AEE1A8h 0x00000037 pop esi 0x00000038 mov dword ptr [esp+04h], esi 0x0000003c add dword ptr [esp+04h], 00000019h 0x00000044 inc esi 0x00000045 push esi 0x00000046 ret 0x00000047 pop esi 0x00000048 ret 0x00000049 mov bh, 7Bh 0x0000004b push 00000000h 0x0000004d mov ebx, 73905F70h 0x00000052 xchg eax, esi 0x00000053 push eax 0x00000054 push edx 0x00000055 jnp 00007FA638AEE1B4h 0x0000005b jmp 00007FA638AEE1AEh 0x00000060 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6174EF second address: 617509 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA638FF7788h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA638FF778Bh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 617509 second address: 61750E instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6183D7 second address: 6183E1 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61855F second address: 618564 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61FCA9 second address: 61FCAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C6D39 second address: 5C6D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 61F437 second address: 61F45D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push esi 0x00000007 pop esi 0x00000008 jbe 00007FA638FF7786h 0x0000000e popad 0x0000000f pushad 0x00000010 jmp 00007FA638FF778Eh 0x00000015 jng 00007FA638FF7786h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 626F50 second address: 626F55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 628593 second address: 6285C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7798h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FA638FF7794h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6285C5 second address: 6285C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C0DC second address: 62C127 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF7790h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA638FF7792h 0x00000014 pop edx 0x00000015 popad 0x00000016 pushad 0x00000017 jmp 00007FA638FF778Dh 0x0000001c jmp 00007FA638FF778Ah 0x00000021 pushad 0x00000022 pushad 0x00000023 popad 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C68D second address: 62C6B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007FA638AEE1AFh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6B8 second address: 62C6BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6BC second address: 62C6CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007FA638AEE1A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62C6CA second address: 62C6DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CD73 second address: 62CD77 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CD77 second address: 62CD90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jno 00007FA638FF7786h 0x0000000e jmp 00007FA638FF778Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CF4C second address: 62CF56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62CF56 second address: 62CF6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jnp 00007FA638FF7786h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D228 second address: 62D244 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638AEE1AAh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D244 second address: 62D256 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 62D256 second address: 62D28E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B4h 0x00000007 pushad 0x00000008 jc 00007FA638AEE1A6h 0x0000000e push esi 0x0000000f pop esi 0x00000010 popad 0x00000011 pop edx 0x00000012 pop eax 0x00000013 push eax 0x00000014 push edx 0x00000015 jns 00007FA638AEE1AAh 0x0000001b pushad 0x0000001c push ecx 0x0000001d pop ecx 0x0000001e jnl 00007FA638AEE1A6h 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C02FF second address: 5C0351 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 jmp 00007FA638FF7798h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638FF778Dh 0x00000015 jmp 00007FA638FF7799h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0351 second address: 5C0369 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C0369 second address: 5C0373 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FA638FF77A4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63213E second address: 632152 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632152 second address: 632184 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007FA638FF778Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007FA638FF7792h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632184 second address: 63218E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638AEE1A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6325D6 second address: 6325E8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632718 second address: 632729 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 ja 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632729 second address: 63272F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63272F second address: 632778 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007FA638AEE1AAh 0x0000000a jnp 00007FA638AEE1B7h 0x00000010 jmp 00007FA638AEE1AFh 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b jg 00007FA638AEE1A6h 0x00000021 jmp 00007FA638AEE1B8h 0x00000026 pop esi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632778 second address: 632796 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7799h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632A36 second address: 632A4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B1h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632BBD second address: 632BC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632BC2 second address: 632BC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632EBE second address: 632ECA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 632ECA second address: 632ECE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E33D8 second address: 5E33EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 jmp 00007FA638FF778Bh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635135 second address: 635139 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 635139 second address: 63513D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63513D second address: 635149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 pop eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b pop edi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4820 second address: 5B4829 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B4829 second address: 5B4833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A416 second address: 63A434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FA638FF7786h 0x0000000a jmp 00007FA638FF778Eh 0x0000000f popad 0x00000010 push ecx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A434 second address: 63A439 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A439 second address: 63A44A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007FA638FF7786h 0x00000009 jnp 00007FA638FF7786h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63A44A second address: 63A450 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63900C second address: 63901A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jnp 00007FA638FF7786h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 63901A second address: 63902D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA638AEE1ACh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639C57 second address: 639C5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639C5B second address: 639C61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639D90 second address: 639D94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 639EC1 second address: 639EC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64443F second address: 644443 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644443 second address: 64446E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ACh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007FA638AEE1A6h 0x00000010 js 00007FA638AEE1A6h 0x00000016 popad 0x00000017 pushad 0x00000018 pushad 0x00000019 popad 0x0000001a jnc 00007FA638AEE1A6h 0x00000020 push ebx 0x00000021 pop ebx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 60658D second address: 606591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606591 second address: 60659B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6067F4 second address: 6067F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6067F8 second address: 6067FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C6B second address: 606C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C6F second address: 606C82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jne 00007FA638AEE1A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 606C82 second address: 606CC0 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007FA638FF7796h 0x00000010 pop esi 0x00000011 popad 0x00000012 mov eax, dword ptr [eax] 0x00000014 jmp 00007FA638FF778Bh 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d push eax 0x0000001e push edx 0x0000001f jnp 00007FA638FF7788h 0x00000025 push edx 0x00000026 pop edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6070BA second address: 6070C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA638AEE1A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644742 second address: 644765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FA638FF7786h 0x0000000d jmp 00007FA638FF7796h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C0 second address: 6448C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C4 second address: 6448C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448C8 second address: 6448DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FA638AEE1AEh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448DE second address: 6448F4 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA638FF778Ch 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6448F4 second address: 644904 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007FA638AEE1A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644904 second address: 644908 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644A75 second address: 644A90 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B5h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644A90 second address: 644AAB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7794h 0x00000007 push esi 0x00000008 push eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644D22 second address: 644D26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644D26 second address: 644D36 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA638FF7786h 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644EA2 second address: 644EAE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FA638AEE1A6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 644EAE second address: 644EBA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645148 second address: 64514E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64514E second address: 645158 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645158 second address: 645162 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 645162 second address: 645181 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7797h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2C9F second address: 5B2CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2CA3 second address: 5B2CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B2CA7 second address: 5B2CC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a jmp 00007FA638AEE1AEh 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64A88F second address: 64A894 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E586 second address: 64E58A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E58A second address: 64E58E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E58E second address: 64E599 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9648 second address: 5B964C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B964C second address: 5B9655 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64DCFE second address: 64DD0B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push edx 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E2C8 second address: 64E2E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007FA638AEE1B8h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 64E2E7 second address: 64E2EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652AAE second address: 652AC3 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA638AEE1ACh 0x00000008 js 00007FA638AEE1A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652AC3 second address: 652ACE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652C2B second address: 652C44 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638AEE1B4h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652D8C second address: 652DA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007FA638FF778Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652DA5 second address: 652DAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 652DAB second address: 652DB2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6072CD second address: 6072E2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 pushad 0x00000009 jnc 00007FA638AEE1A8h 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6072E2 second address: 607319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a nop 0x0000000b mov ecx, dword ptr [ebp+122D318Ah] 0x00000011 push 00000004h 0x00000013 nop 0x00000014 jmp 00007FA638FF7794h 0x00000019 push eax 0x0000001a push ebx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 607319 second address: 60731D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B61 second address: 657B66 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B66 second address: 657B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1AAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657B76 second address: 657B7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C388E second address: 5C38A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jg 00007FA638AEE1A6h 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C38A3 second address: 5C38B7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FA638FF7786h 0x00000008 jnl 00007FA638FF7786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C38B7 second address: 5C38BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657039 second address: 657071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF7792h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638FF778Bh 0x0000000e popad 0x0000000f pushad 0x00000010 pushad 0x00000011 jmp 00007FA638FF778Eh 0x00000016 push ecx 0x00000017 pop ecx 0x00000018 popad 0x00000019 pushad 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657071 second address: 657077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65744D second address: 657451 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657451 second address: 657457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657457 second address: 657482 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FA638FF7794h 0x0000000e jmp 00007FA638FF778Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657482 second address: 657494 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1ADh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 657494 second address: 6574A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA638FF7786h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 660607 second address: 660620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FA638AEE1B3h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65E5FA second address: 65E600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65E600 second address: 65E606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EC1B second address: 65EC21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF2B second address: 65EF33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65EF33 second address: 65EF38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F4FD second address: 65F535 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638AEE1B1h 0x0000000e pop esi 0x0000000f jng 00007FA638AEE1BEh 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7DA second address: 65F7EF instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FA638FF7786h 0x00000008 jne 00007FA638FF7786h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7EF second address: 65F7F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65F7F4 second address: 65F81A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA638FF7788h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push edi 0x0000000f jmp 00007FA638FF7796h 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 65FABC second address: 65FAC1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66006D second address: 660085 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007FA638FF7786h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66363E second address: 663688 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007FA638AEE1C0h 0x0000000d jnc 00007FA638AEE1BFh 0x00000013 jmp 00007FA638AEE1B3h 0x00000018 jno 00007FA638AEE1A6h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663688 second address: 66368C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66368C second address: 663692 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AC2 second address: 663AD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 jnl 00007FA638FF7792h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AD9 second address: 663AF9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FA638AEE1A6h 0x00000009 push eax 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638AEE1B2h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 663AF9 second address: 663AFD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C1E81 second address: 5C1E92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ebx 0x00000009 jc 00007FA638AEE1A6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E277 second address: 66E27C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E27C second address: 66E286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6B4 second address: 66E6B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6B8 second address: 66E6D6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007FA638AEE1AEh 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E6D6 second address: 66E6DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66E8D2 second address: 66E8EF instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jo 00007FA638AEE1A6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA638AEE1ABh 0x00000011 jnl 00007FA638AEE1A6h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66EE4A second address: 66EE50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 66DCFC second address: 66DD04 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 673CB8 second address: 673CC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD1F second address: 67CD2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1ACh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD2F second address: 67CD33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CD33 second address: 67CD3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67C763 second address: 67C769 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67C769 second address: 67C790 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jng 00007FA638AEE1A6h 0x0000000e jmp 00007FA638AEE1B9h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67CA51 second address: 67CA7C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ah 0x00000007 pushad 0x00000008 jp 00007FA638FF7786h 0x0000000e jmp 00007FA638FF7796h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED46 second address: 67ED5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED5C second address: 67ED73 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA638FF778Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 67ED73 second address: 67EDB0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638AEE1B4h 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FA638AEE1B9h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 je 00007FA638AEE1A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A884 second address: 68A88A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A88A second address: 68A8D3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638AEE1ADh 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007FA638AEE1B9h 0x00000015 ja 00007FA638AEE1A6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5BE883 second address: 5BE8A5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638FF778Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007FA638FF7792h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68A58C second address: 68A596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68DE2B second address: 68DE86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Bh 0x00000009 pop ebx 0x0000000a pushad 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d jmp 00007FA638FF7799h 0x00000012 jmp 00007FA638FF7796h 0x00000017 popad 0x00000018 pop edi 0x00000019 pushad 0x0000001a jne 00007FA638FF7792h 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68DE86 second address: 68DE9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B1h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 68D8B6 second address: 68D8CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Fh 0x00000009 popad 0x0000000a pop ecx 0x0000000b push ecx 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 69BCFC second address: 69BD00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03E5 second address: 6A03EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03EB second address: 6A03F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A03F5 second address: 6A03FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FA638FF7786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5D73 second address: 6A5D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007FA638AEE1B2h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5D7F second address: 6A5D8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA638FF7786h 0x0000000a pop eax 0x0000000b push eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4574 second address: 6A4578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A49CF second address: 6A49F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FA638FF7786h 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638FF778Fh 0x00000013 jng 00007FA638FF778Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A49F8 second address: 6A4A02 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007FA638AEE1A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4C88 second address: 6A4C8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4C8C second address: 6A4CA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4CA2 second address: 6A4CA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4DF0 second address: 6A4DF5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4DF5 second address: 6A4E1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FA638FF7793h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA638FF778Ah 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A4FFA second address: 6A5006 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FA638AEE1A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5006 second address: 6A501C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA638FF778Fh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A5A89 second address: 6A5AAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push esi 0x00000007 jng 00007FA638AEE1B5h 0x0000000d pushad 0x0000000e jne 00007FA638AEE1A6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97D9 second address: 6A97DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97DD second address: 6A97EB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 js 00007FA638AEE1A6h 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A97EB second address: 6A9836 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jc 00007FA638FF7786h 0x00000009 jmp 00007FA638FF778Fh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push edi 0x00000011 pop edi 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 jmp 00007FA638FF778Ah 0x0000001b js 00007FA638FF779Eh 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A9362 second address: 6A9367 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6A9367 second address: 6A9388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jg 00007FA638FF7786h 0x00000012 jg 00007FA638FF7786h 0x00000018 popad 0x00000019 jns 00007FA638FF7788h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6B7C2D second address: 6B7C31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6C7F94 second address: 6C7F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7C1B second address: 5B7C21 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B7C21 second address: 5B7C2B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007FA638FF7786h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA645 second address: 6CA649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA649 second address: 6CA65C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 jl 00007FA638FF77CDh 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 pop esi 0x00000011 push edi 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6CA65C second address: 6CA691 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1B2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007FA638AEE1B9h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0E31 second address: 6E0E3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0E3D second address: 6E0E41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DFD72 second address: 6DFD78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6DFD78 second address: 6DFD82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 push edi 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0015 second address: 6E001D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E001D second address: 6E0023 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02E9 second address: 6E02ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02ED second address: 6E02F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E02F5 second address: 6E0309 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c js 00007FA638FF7786h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0861 second address: 6E0865 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0865 second address: 6E088B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638FF778Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnc 00007FA638FF7791h 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E0B6A second address: 6E0B89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1B9h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E394D second address: 6E3964 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007FA638FF7786h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jc 00007FA638FF77A7h 0x00000013 push eax 0x00000014 push edx 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E39F4 second address: 6E3A02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A02 second address: 6E3A3A instructions: 0x00000000 rdtsc 0x00000002 je 00007FA638FF7788h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jmp 00007FA638FF778Bh 0x00000015 mov eax, dword ptr [eax] 0x00000017 pushad 0x00000018 jmp 00007FA638FF7796h 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A3A second address: 6E3A3E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A3E second address: 6E3A4F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A4F second address: 6E3A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3A53 second address: 6E3A59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3C69 second address: 6E3CDA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA638AEE1B9h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e jnp 00007FA638AEE1ACh 0x00000014 call 00007FA638AEE1B6h 0x00000019 mov edx, dword ptr [ebp+122D2D2Bh] 0x0000001f pop edx 0x00000020 push dword ptr [ebp+124553BBh] 0x00000026 call 00007FA638AEE1AAh 0x0000002b mov dword ptr [ebp+122D1843h], edx 0x00000031 pop edx 0x00000032 call 00007FA638AEE1A9h 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CDA second address: 6E3CDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CDE second address: 6E3CE8 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA638AEE1A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E3CE8 second address: 6E3CFB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA638FF7788h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pushad 0x0000000f popad 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E850D second address: 6E8531 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA638AEE1ABh 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FA638AEE1B3h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E8531 second address: 6E853B instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA638FF7786h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 6E853B second address: 6E854F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA638AEE1AFh 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 601910 second address: 601916 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 44CD46 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 61C625 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 6067AF instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 67F6C3 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044C9E9 rdtsc

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 2828	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 3876	Thread sleep time: -30000s >= -30000s			Jump to behavior

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Source: C:\Users\user\Desktop\file.exe

WMI Queries: IWbemServices::ExecQuery - ROOT\CIMV2 : SELECT * FROM Win32_BIOS

Source: file.exe, file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2092577797.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093855277.0000000000CE4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2093647788.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Hides threads from debuggers

Anti Debugging

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality for execution timing, often used to detect debuggers

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0044C9E9 rdtsc

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_0042D770 LdrInitializeThunk,

0_2_0042D770

Source: file.exe, file.exe, 00000000.00000002.2092859906.00000000005D5000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid