Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1572098
MD5: b83484c3308f5ccee74b32fecbd5868c
SHA1: b3b557f3bf6019df3ab543760a027dfc3856c526
SHA256: 9e11cbefdb3ba615161b19b9ec876063f892c32aeebc86cb7976a0317cb3326f
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Multi AV Scanner detection for submitted file
Source: file.exe ReversingLabs: Detection: 44%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2120790732.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2253810328.0000000000392000.00000040.00000001.01000000.00000003.sdmp

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E082 0_2_0051E082
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E089 0_2_0051E089
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051DEFC 0_2_0051DEFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051DF17 0_2_0051DF17
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051DF06 0_2_0051DF06
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.2253824855.0000000000396000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe ReversingLabs: Detection: 44%
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this applicationFDS_WL_
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: RtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNeQT
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 2817536 > 1048576
Source: file.exe Static PE information: Raw size of iqfgoyby is bigger than: 0x100000 < 0x2a9e00
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2120790732.00000000049A0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2253810328.0000000000392000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.390000.0.unpack :EW;.rsrc:W;.idata :W;iqfgoyby:EW;fltcogvq:EW;.taggant:EW; vs :ER;.rsrc:W;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x2b72c9 should be: 0x2b7920
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name: iqfgoyby
Source: file.exe Static PE information: section name: fltcogvq
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005204BA push edx; ret 0_2_00520519
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051D62F push 207ABF7Ch; mov dword ptr [esp], eax 0_2_0051D6D3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051D62F push esi; mov dword ptr [esp], edx 0_2_0051D7AF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A0BA7 push 40AAE1B7h; mov dword ptr [esp], edx 0_2_003A0BBB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A0BA7 push eax; mov dword ptr [esp], 71F8ABF5h 0_2_003A2EB2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A5018 push ebx; mov dword ptr [esp], edx 0_2_003A501C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00526078 push eax; mov dword ptr [esp], 0A5C6B10h 0_2_00526082
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A2064 push eax; mov dword ptr [esp], ebp 0_2_003A3DC6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A405D push esi; mov dword ptr [esp], 3D79F9ACh 0_2_003A407F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005BA020 push esi; mov dword ptr [esp], ebp 0_2_005BA0B5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A20BE push edi; mov dword ptr [esp], ebx 0_2_003A20C0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052A0D9 push 360F8580h; mov dword ptr [esp], ebx 0_2_0052A0E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039F09D push ebx; mov dword ptr [esp], edi 0_2_0039F0A9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039F09D push edx; mov dword ptr [esp], ecx 0_2_0039F9EA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057D0FD push ecx; mov dword ptr [esp], 73FFE702h 0_2_0057D124
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057D0FD push eax; mov dword ptr [esp], 77B73C21h 0_2_0057D13E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E082 push 7A0B8301h; mov dword ptr [esp], edx 0_2_0051E0A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E082 push ecx; mov dword ptr [esp], 5BEB5111h 0_2_0051E0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E082 push esi; mov dword ptr [esp], eax 0_2_0051E12C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E089 push 7A0B8301h; mov dword ptr [esp], edx 0_2_0051E0A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E089 push ecx; mov dword ptr [esp], 5BEB5111h 0_2_0051E0D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051E089 push esi; mov dword ptr [esp], eax 0_2_0051E12C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_005B10AD push 37B8BEFEh; mov dword ptr [esp], edi 0_2_005B10E9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052A155 push esi; mov dword ptr [esp], 00000004h 0_2_0052E22B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0052A155 push ebp; mov dword ptr [esp], edx 0_2_0052E248
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051A158 push 324665F6h; mov dword ptr [esp], eax 0_2_0051A8FB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051F141 push eax; mov dword ptr [esp], edx 0_2_0051F199
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A112D push edx; mov dword ptr [esp], 07FF449Bh 0_2_003A4246
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051A17B push 4A5CBED6h; mov dword ptr [esp], esi 0_2_0051A19F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0060311D push 1B869DEBh; mov dword ptr [esp], eax 0_2_00603148
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0060311D push esi; mov dword ptr [esp], 00272CEAh 0_2_0060314C
Source: file.exe Static PE information: section name: entropy: 7.720931482911967

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 39E514 second address: 39E518 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 39DD69 second address: 39DD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 39DD6D second address: 39DD77 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51E349 second address: 51E34D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51E34D second address: 51E361 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Eh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51D4CF second address: 51D4E1 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCFF4D9C226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b jl 00007FCFF4D9C226h 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51D652 second address: 51D673 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007FCFF4C7A659h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51DBCF second address: 51DBDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007FCFF4D9C226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51DBDF second address: 51DBE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52030F second address: 520319 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCFF4D9C22Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 520319 second address: 52035B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007FCFF4C7A648h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Ah 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 push 00000000h 0x00000023 mov dword ptr [ebp+122D2D75h], ecx 0x00000029 mov ch, al 0x0000002b call 00007FCFF4C7A649h 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52035B second address: 52035F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52035F second address: 520365 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 520365 second address: 52036B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52036B second address: 520378 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 520378 second address: 520382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 520382 second address: 520390 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 520390 second address: 52039D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop eax 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52039D second address: 5203A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5204AE second address: 52053B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007FCFF4D9C235h 0x0000000c pop eax 0x0000000d popad 0x0000000e nop 0x0000000f jmp 00007FCFF4D9C22Dh 0x00000014 push 00000000h 0x00000016 push C9A4E6D2h 0x0000001b jns 00007FCFF4D9C22Eh 0x00000021 add dword ptr [esp], 365B19AEh 0x00000028 adc si, D906h 0x0000002d push 00000003h 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edx 0x00000034 call 00007FCFF4D9C228h 0x00000039 pop edx 0x0000003a mov dword ptr [esp+04h], edx 0x0000003e add dword ptr [esp+04h], 00000016h 0x00000046 inc edx 0x00000047 push edx 0x00000048 ret 0x00000049 pop edx 0x0000004a ret 0x0000004b mov dword ptr [ebp+122D2D75h], edx 0x00000051 push 00000003h 0x00000053 movzx esi, si 0x00000056 push 4C0E874Dh 0x0000005b push eax 0x0000005c push edx 0x0000005d jmp 00007FCFF4D9C22Ch 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52053B second address: 52058C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCFF4C7A64Eh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d add dword ptr [esp], 73F178B3h 0x00000014 adc cx, 2D2Fh 0x00000019 lea ebx, dword ptr [ebp+1245619Dh] 0x0000001f jg 00007FCFF4C7A64Bh 0x00000025 xchg eax, ebx 0x00000026 push edi 0x00000027 pushad 0x00000028 pushad 0x00000029 popad 0x0000002a jmp 00007FCFF4C7A64Ch 0x0000002f popad 0x00000030 pop edi 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 jl 00007FCFF4C7A648h 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52058C second address: 520596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FCFF4D9C226h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 52061C second address: 5206B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A64Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xor dword ptr [esp], 733D4FC7h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007FCFF4C7A648h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a push 00000003h 0x0000002c mov esi, dword ptr [ebp+122D3C1Eh] 0x00000032 jmp 00007FCFF4C7A653h 0x00000037 push 00000000h 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c call 00007FCFF4C7A648h 0x00000041 pop ecx 0x00000042 mov dword ptr [esp+04h], ecx 0x00000046 add dword ptr [esp+04h], 0000001Ch 0x0000004e inc ecx 0x0000004f push ecx 0x00000050 ret 0x00000051 pop ecx 0x00000052 ret 0x00000053 mov si, cx 0x00000056 push 00000003h 0x00000058 mov edi, ebx 0x0000005a call 00007FCFF4C7A649h 0x0000005f push eax 0x00000060 push edx 0x00000061 pushad 0x00000062 jmp 00007FCFF4C7A64Dh 0x00000067 pushad 0x00000068 popad 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5206B5 second address: 5206D5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C230h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push edx 0x0000000d pop edx 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5206D5 second address: 5206D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5092C6 second address: 5092D8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FCFF4D9C22Dh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F6A8 second address: 53F6B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F6B6 second address: 53F6BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F6BA second address: 53F6C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 ja 00007FCFF4C7A646h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F6C8 second address: 53F6EC instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCFF4D9C226h 0x00000008 jng 00007FCFF4D9C226h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007FCFF4D9C231h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F6EC second address: 53F718 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a pushad 0x0000000b jl 00007FCFF4C7A665h 0x00000011 jmp 00007FCFF4C7A659h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F718 second address: 53F724 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jnl 00007FCFF4D9C226h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F724 second address: 53F769 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCFF4C7A646h 0x00000008 jmp 00007FCFF4C7A652h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 push edi 0x00000011 pop edi 0x00000012 pushad 0x00000013 popad 0x00000014 jbe 00007FCFF4C7A646h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007FCFF4C7A659h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53F8CB second address: 53F8CF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53FD6A second address: 53FD70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53FEC8 second address: 53FEFD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C22Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 je 00007FCFF4D9C23Ah 0x0000000f jg 00007FCFF4D9C22Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 540A37 second address: 540A47 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A64Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5436FE second address: 543702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 544532 second address: 544536 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 544536 second address: 54453C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54453C second address: 54454B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edi 0x00000004 pop edi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54454B second address: 544571 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push edi 0x0000000f pushad 0x00000010 jmp 00007FCFF4D9C234h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5446E0 second address: 5446E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51832B second address: 518331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 518331 second address: 518366 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 ja 00007FCFF4C7A646h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f jmp 00007FCFF4C7A652h 0x00000014 pop edx 0x00000015 pop ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 jmp 00007FCFF4C7A64Ch 0x0000001e pushad 0x0000001f popad 0x00000020 pop ebx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54C705 second address: 54C722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007FCFF4D9C226h 0x0000000a jmp 00007FCFF4D9C231h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54BEAA second address: 54BEAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54BEAE second address: 54BECF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C232h 0x00000007 jmp 00007FCFF4D9C22Bh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54C551 second address: 54C578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A657h 0x00000009 push edi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 push eax 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E2E9 second address: 50E2EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E2EF second address: 50E2F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50E2F3 second address: 50E2F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE2A second address: 54CE48 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A653h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE48 second address: 54CE4C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE4C second address: 54CE52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE52 second address: 54CE6C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C22Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE6C second address: 54CE70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE70 second address: 54CE7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE7A second address: 54CE7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE7E second address: 54CE82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CE82 second address: 54CEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007FCFF4C7A653h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jc 00007FCFF4C7A64Ch 0x0000001a jg 00007FCFF4C7A646h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54CEB0 second address: 54CEB5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54DD5C second address: 54DD76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCFF4C7A656h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54DD76 second address: 54DD7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54DE71 second address: 54DE75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54E151 second address: 54E155 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54E155 second address: 54E178 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A652h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a movsx edi, bx 0x0000000d movsx esi, di 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54E178 second address: 54E17C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54EEE6 second address: 54EEEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 550C37 second address: 550C3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55229F second address: 5522B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5522B4 second address: 5522B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5522B8 second address: 5522BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50AD84 second address: 50AD8A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50AD8A second address: 50AD98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCFF4C7A64Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 552047 second address: 552051 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCFF4D9C226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50AD98 second address: 50AD9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5544B0 second address: 5544DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C236h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCFF4D9C22Dh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5544DC second address: 5544F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A654h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 554FD0 second address: 554FE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b jo 00007FCFF4D9C226h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 554FE1 second address: 554FE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 554FE5 second address: 554FEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557D98 second address: 557D9C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557D9C second address: 557DA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557DA2 second address: 557DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5592AB second address: 5592AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5592AF second address: 5592D1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c popad 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 jmp 00007FCFF4C7A650h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5592D1 second address: 559345 instructions: 0x00000000 rdtsc 0x00000002 jp 00007FCFF4D9C23Ah 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b movzx edi, di 0x0000000e pushad 0x0000000f mov edx, ecx 0x00000011 push ebx 0x00000012 mov dword ptr [ebp+124563C8h], edi 0x00000018 pop edi 0x00000019 popad 0x0000001a push 00000000h 0x0000001c mov edi, dword ptr [ebp+122D39CEh] 0x00000022 push 00000000h 0x00000024 push 00000000h 0x00000026 push ebp 0x00000027 call 00007FCFF4D9C228h 0x0000002c pop ebp 0x0000002d mov dword ptr [esp+04h], ebp 0x00000031 add dword ptr [esp+04h], 00000017h 0x00000039 inc ebp 0x0000003a push ebp 0x0000003b ret 0x0000003c pop ebp 0x0000003d ret 0x0000003e mov di, C205h 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 jmp 00007FCFF4D9C234h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559345 second address: 55934B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5558DF second address: 5558E5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A4C6 second address: 55A4CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55946B second address: 559470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55A4CC second address: 55A507 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A64Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D352Fh], edi 0x00000012 push 00000000h 0x00000014 push ecx 0x00000015 and edi, dword ptr [ebp+122D3AA2h] 0x0000001b pop edi 0x0000001c push 00000000h 0x0000001e sub dword ptr [ebp+122D1DCAh], edi 0x00000024 adc bx, 3834h 0x00000029 push eax 0x0000002a push ecx 0x0000002b push eax 0x0000002c push edx 0x0000002d jbe 00007FCFF4C7A646h 0x00000033 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559470 second address: 559475 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559562 second address: 559566 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 559566 second address: 55956A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55C5D5 second address: 55C5EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jnp 00007FCFF4C7A646h 0x00000010 jne 00007FCFF4C7A646h 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D7CD second address: 55D7D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D7D2 second address: 55D88F instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCFF4C7A64Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b mov ebx, dword ptr [ebp+122D1E7Ah] 0x00000011 push dword ptr fs:[00000000h] 0x00000018 pushad 0x00000019 sub dword ptr [ebp+122D348Fh], esi 0x0000001f xor ax, 9C88h 0x00000024 popad 0x00000025 mov ebx, ecx 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e mov ebx, dword ptr [ebp+122D3A26h] 0x00000034 mov eax, dword ptr [ebp+122D12B5h] 0x0000003a push 00000000h 0x0000003c push ebx 0x0000003d call 00007FCFF4C7A648h 0x00000042 pop ebx 0x00000043 mov dword ptr [esp+04h], ebx 0x00000047 add dword ptr [esp+04h], 0000001Dh 0x0000004f inc ebx 0x00000050 push ebx 0x00000051 ret 0x00000052 pop ebx 0x00000053 ret 0x00000054 add dword ptr [ebp+122D1CDAh], eax 0x0000005a mov edi, dword ptr [ebp+122D30EDh] 0x00000060 push FFFFFFFFh 0x00000062 push 00000000h 0x00000064 push edi 0x00000065 call 00007FCFF4C7A648h 0x0000006a pop edi 0x0000006b mov dword ptr [esp+04h], edi 0x0000006f add dword ptr [esp+04h], 00000019h 0x00000077 inc edi 0x00000078 push edi 0x00000079 ret 0x0000007a pop edi 0x0000007b ret 0x0000007c jmp 00007FCFF4C7A659h 0x00000081 mov ebx, dword ptr [ebp+122D1C98h] 0x00000087 push eax 0x00000088 pushad 0x00000089 push eax 0x0000008a push edx 0x0000008b jnp 00007FCFF4C7A646h 0x00000091 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D88F second address: 55D899 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F756 second address: 55F76E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FCFF4C7A654h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D899 second address: 55D89D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56056B second address: 560575 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55F76E second address: 55F772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 560575 second address: 5605D6 instructions: 0x00000000 rdtsc 0x00000002 jns 00007FCFF4C7A648h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jnc 00007FCFF4C7A650h 0x00000011 jmp 00007FCFF4C7A64Ah 0x00000016 nop 0x00000017 mov ebx, dword ptr [ebp+122D315Bh] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push esi 0x00000022 call 00007FCFF4C7A648h 0x00000027 pop esi 0x00000028 mov dword ptr [esp+04h], esi 0x0000002c add dword ptr [esp+04h], 0000001Bh 0x00000034 inc esi 0x00000035 push esi 0x00000036 ret 0x00000037 pop esi 0x00000038 ret 0x00000039 sub dword ptr [ebp+122DB9F5h], esi 0x0000003f xor bx, EE46h 0x00000044 push 00000000h 0x00000046 mov edi, dword ptr [ebp+122D333Ah] 0x0000004c push eax 0x0000004d push ebx 0x0000004e pushad 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5605D6 second address: 5605DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 561545 second address: 56154A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56154A second address: 5615BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCFF4D9C236h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push eax 0x00000013 call 00007FCFF4D9C228h 0x00000018 pop eax 0x00000019 mov dword ptr [esp+04h], eax 0x0000001d add dword ptr [esp+04h], 00000015h 0x00000025 inc eax 0x00000026 push eax 0x00000027 ret 0x00000028 pop eax 0x00000029 ret 0x0000002a push 00000000h 0x0000002c push 00000000h 0x0000002e push edi 0x0000002f call 00007FCFF4D9C228h 0x00000034 pop edi 0x00000035 mov dword ptr [esp+04h], edi 0x00000039 add dword ptr [esp+04h], 0000001Ah 0x00000041 inc edi 0x00000042 push edi 0x00000043 ret 0x00000044 pop edi 0x00000045 ret 0x00000046 push 00000000h 0x00000048 mov di, dx 0x0000004b push eax 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f jp 00007FCFF4D9C226h 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5667F9 second address: 566827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A654h 0x00000009 popad 0x0000000a popad 0x0000000b push ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e ja 00007FCFF4C7A646h 0x00000014 jmp 00007FCFF4C7A64Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 513217 second address: 51321B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 51321B second address: 51321F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 566DFB second address: 566DFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 567D80 second address: 567DBE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FCFF4C7A655h 0x0000000d nop 0x0000000e mov di, bx 0x00000011 push 00000000h 0x00000013 mov edi, dword ptr [ebp+122D3C16h] 0x00000019 push 00000000h 0x0000001b push ebx 0x0000001c jbe 00007FCFF4C7A64Ch 0x00000022 mov dword ptr [ebp+122D29B9h], eax 0x00000028 pop ebx 0x00000029 xchg eax, esi 0x0000002a pushad 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 564A02 second address: 564A08 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 564A08 second address: 564A0C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 567DBE second address: 567DC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 566FEC second address: 56705B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A654h 0x00000009 popad 0x0000000a pop edx 0x0000000b nop 0x0000000c jmp 00007FCFF4C7A64Dh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ecx 0x0000001b call 00007FCFF4C7A648h 0x00000020 pop ecx 0x00000021 mov dword ptr [esp+04h], ecx 0x00000025 add dword ptr [esp+04h], 00000017h 0x0000002d inc ecx 0x0000002e push ecx 0x0000002f ret 0x00000030 pop ecx 0x00000031 ret 0x00000032 cld 0x00000033 mov dword ptr fs:[00000000h], esp 0x0000003a mov bl, 45h 0x0000003c mov eax, dword ptr [ebp+122D0D01h] 0x00000042 push edi 0x00000043 mov di, si 0x00000046 pop ebx 0x00000047 push FFFFFFFFh 0x00000049 movzx ebx, dx 0x0000004c nop 0x0000004d push eax 0x0000004e push edx 0x0000004f push eax 0x00000050 pushad 0x00000051 popad 0x00000052 pop eax 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56705B second address: 567079 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCFF4D9C239h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568CD7 second address: 568D7C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ebx 0x0000000b call 00007FCFF4C7A648h 0x00000010 pop ebx 0x00000011 mov dword ptr [esp+04h], ebx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc ebx 0x0000001e push ebx 0x0000001f ret 0x00000020 pop ebx 0x00000021 ret 0x00000022 adc bl, 00000044h 0x00000025 push 00000000h 0x00000027 push 00000000h 0x00000029 push edi 0x0000002a call 00007FCFF4C7A648h 0x0000002f pop edi 0x00000030 mov dword ptr [esp+04h], edi 0x00000034 add dword ptr [esp+04h], 00000016h 0x0000003c inc edi 0x0000003d push edi 0x0000003e ret 0x0000003f pop edi 0x00000040 ret 0x00000041 jns 00007FCFF4C7A65Ch 0x00000047 push 00000000h 0x00000049 jmp 00007FCFF4C7A64Dh 0x0000004e xchg eax, esi 0x0000004f pushad 0x00000050 jmp 00007FCFF4C7A656h 0x00000055 jmp 00007FCFF4C7A64Bh 0x0000005a popad 0x0000005b push eax 0x0000005c push eax 0x0000005d push edx 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 567F7E second address: 567F84 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568D7C second address: 568D80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 567F84 second address: 567FAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007FCFF4D9C239h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007FCFF4D9C226h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568D80 second address: 568D86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 567FAF second address: 567FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56ACF5 second address: 56AD0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCFF4C7A64Fh 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56AD0F second address: 56AD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568F2B second address: 568F34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568F34 second address: 568F38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 568F38 second address: 568F3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57DB50 second address: 57DB5A instructions: 0x00000000 rdtsc 0x00000002 jnl 00007FCFF4D9C226h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57DB5A second address: 57DB69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007FCFF4C7A646h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D221 second address: 57D23F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jg 00007FCFF4D9C226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push ecx 0x0000000e jmp 00007FCFF4D9C22Ah 0x00000013 pop ecx 0x00000014 pushad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D36E second address: 57D372 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D372 second address: 57D39C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FCFF4D9C22Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jp 00007FCFF4D9C234h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D39C second address: 57D3A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D3A0 second address: 57D3C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D3C2 second address: 57D3F5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A655h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push edi 0x0000000d pop edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jng 00007FCFF4C7A646h 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jng 00007FCFF4C7A646h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D3F5 second address: 57D3F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D3F9 second address: 57D416 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007FCFF4C7A655h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D5C9 second address: 57D5ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jnl 00007FCFF4D9C23Bh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 57D74E second address: 57D762 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A650h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58415A second address: 584172 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007FCFF4D9C226h 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 jbe 00007FCFF4D9C22Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 584172 second address: 584191 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Dh 0x00000009 popad 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e push eax 0x0000000f je 00007FCFF4C7A64Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 584191 second address: 5841D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 mov eax, dword ptr [eax] 0x00000007 pushad 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007FCFF4D9C231h 0x00000010 popad 0x00000011 jo 00007FCFF4D9C22Ch 0x00000017 jnc 00007FCFF4D9C226h 0x0000001d popad 0x0000001e mov dword ptr [esp+04h], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007FCFF4D9C233h 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A3F0 second address: 58A3FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jp 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589893 second address: 58989A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58989A second address: 5898BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jnp 00007FCFF4C7A646h 0x0000000b jmp 00007FCFF4C7A64Ah 0x00000010 jne 00007FCFF4C7A646h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589A1F second address: 589A23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589B73 second address: 589B7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589B7D second address: 589B96 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C230h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589D0C second address: 589D24 instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCFF4C7A646h 0x00000008 jmp 00007FCFF4C7A64Bh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589D24 second address: 589D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589E6B second address: 589E77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 589E77 second address: 589E83 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jl 00007FCFF4D9C226h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A126 second address: 58A13E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Fh 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A13E second address: 58A154 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4D9C232h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A154 second address: 58A184 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A650h 0x00000007 jbe 00007FCFF4C7A646h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007FCFF4C7A650h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A184 second address: 58A188 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59169A second address: 5916AF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A651h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 596AA4 second address: 596AC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 jno 00007FCFF4D9C23Fh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5956C4 second address: 5956D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d je 00007FCFF4C7A646h 0x00000013 pop esi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595822 second address: 595826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595826 second address: 595870 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 jmp 00007FCFF4C7A657h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007FCFF4C7A64Bh 0x00000016 pushad 0x00000017 popad 0x00000018 jns 00007FCFF4C7A646h 0x0000001e popad 0x0000001f jmp 00007FCFF4C7A653h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595870 second address: 59588B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007FCFF4D9C226h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCFF4D9C22Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59588B second address: 59588F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59588F second address: 595893 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5959D6 second address: 5959DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595E84 second address: 595E9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C235h 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595E9F second address: 595EA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 595EA3 second address: 595EA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 596436 second address: 596445 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 jng 00007FCFF4C7A646h 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 596445 second address: 596455 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007FCFF4D9C226h 0x0000000a jl 00007FCFF4D9C226h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 596455 second address: 59647A instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d pop edx 0x0000000e jmp 00007FCFF4C7A657h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59647A second address: 59649A instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCFF4D9C226h 0x00000008 jmp 00007FCFF4D9C230h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59649A second address: 5964E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007FCFF4C7A646h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c jmp 00007FCFF4C7A653h 0x00000011 jmp 00007FCFF4C7A653h 0x00000016 popad 0x00000017 pushad 0x00000018 jmp 00007FCFF4C7A652h 0x0000001d push edx 0x0000001e pop edx 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 596791 second address: 5967BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FCFF4D9C231h 0x00000008 jmp 00007FCFF4D9C22Eh 0x0000000d popad 0x0000000e jc 00007FCFF4D9C22Eh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59BCCF second address: 59BCD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59BCD3 second address: 59BCD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59C29D second address: 59C2DC instructions: 0x00000000 rdtsc 0x00000002 je 00007FCFF4C7A646h 0x00000008 jmp 00007FCFF4C7A64Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jns 00007FCFF4C7A651h 0x00000015 popad 0x00000016 js 00007FCFF4C7A65Ah 0x0000001c push eax 0x0000001d push edx 0x0000001e push esi 0x0000001f pop esi 0x00000020 jmp 00007FCFF4C7A64Ah 0x00000025 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A222B second address: 5A2231 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55618D second address: 537811 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FCFF4C7A657h 0x0000000d nop 0x0000000e mov edi, dword ptr [ebp+122D2167h] 0x00000014 push esi 0x00000015 mov dword ptr [ebp+1247C60Dh], edi 0x0000001b pop edi 0x0000001c call dword ptr [ebp+122D363Ah] 0x00000022 pushad 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 pop eax 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55680B second address: 556811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556811 second address: 556829 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007FCFF4C7A64Ch 0x0000000b popad 0x0000000c push eax 0x0000000d push ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556829 second address: 556852 instructions: 0x00000000 rdtsc 0x00000002 jo 00007FCFF4D9C226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop ecx 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f pushad 0x00000010 jmp 00007FCFF4D9C231h 0x00000015 push eax 0x00000016 push edx 0x00000017 jno 00007FCFF4D9C226h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556852 second address: 556868 instructions: 0x00000000 rdtsc 0x00000002 jc 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [eax] 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jg 00007FCFF4C7A646h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5569C8 second address: 5569D6 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCFF4D9C226h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5569D6 second address: 5569DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556A43 second address: 556A48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556A48 second address: 556A74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A655h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a movzx ecx, cx 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jno 00007FCFF4C7A64Ch 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556A74 second address: 556A7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556A7A second address: 556A7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556C35 second address: 556C42 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556D74 second address: 556D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5571BB second address: 5571BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5575C5 second address: 5575CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5575CA second address: 5575D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5575D0 second address: 557616 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A652h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jng 00007FCFF4C7A650h 0x00000012 nop 0x00000013 push ebx 0x00000014 mov edi, 127633AFh 0x00000019 pop edi 0x0000001a add cx, DB7Ah 0x0000001f lea eax, dword ptr [ebp+1248BF2Dh] 0x00000025 mov dx, bx 0x00000028 push eax 0x00000029 push eax 0x0000002a push edx 0x0000002b push eax 0x0000002c push edx 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557616 second address: 55761A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55761A second address: 557620 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557620 second address: 55762A instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCFF4D9C22Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A13BB second address: 5A13C9 instructions: 0x00000000 rdtsc 0x00000002 jne 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A13C9 second address: 5A13CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A13CD second address: 5A13FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 pushad 0x00000008 jnp 00007FCFF4C7A64Eh 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 jns 00007FCFF4C7A646h 0x00000016 jng 00007FCFF4C7A65Fh 0x0000001c jmp 00007FCFF4C7A653h 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A4B08 second address: 5A4B12 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FCFF4D9C226h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A4B12 second address: 5A4B16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A740F second address: 5A7428 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 jmp 00007FCFF4D9C22Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7428 second address: 5A7446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCFF4C7A655h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A7446 second address: 5A744A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A713C second address: 5A7149 instructions: 0x00000000 rdtsc 0x00000002 js 00007FCFF4C7A648h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AC2EB second address: 5AC30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007FCFF4D9C237h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B230A second address: 5B231D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FCFF4C7A646h 0x0000000a pushad 0x0000000b jl 00007FCFF4C7A646h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B231D second address: 5B2327 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B2327 second address: 5B2331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B0CE9 second address: 5B0CFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jo 00007FCFF4D9C226h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B0CFC second address: 5B0D02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B0FAE second address: 5B0FCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jc 00007FCFF4D9C23Fh 0x0000000b jmp 00007FCFF4D9C233h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B13AB second address: 5B13B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B13B6 second address: 5B13BA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B13BA second address: 5B13CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556F9D second address: 556FA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 556FA1 second address: 556FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push ebp 0x0000000d call 00007FCFF4C7A648h 0x00000012 pop ebp 0x00000013 mov dword ptr [esp+04h], ebp 0x00000017 add dword ptr [esp+04h], 00000015h 0x0000001f inc ebp 0x00000020 push ebp 0x00000021 ret 0x00000022 pop ebp 0x00000023 ret 0x00000024 mov ecx, dword ptr [ebp+122D3A12h] 0x0000002a mov ebx, dword ptr [ebp+1248BF28h] 0x00000030 jnc 00007FCFF4C7A64Ch 0x00000036 add eax, ebx 0x00000038 adc di, 82B5h 0x0000003d clc 0x0000003e nop 0x0000003f jc 00007FCFF4C7A654h 0x00000045 pushad 0x00000046 jc 00007FCFF4C7A646h 0x0000004c push eax 0x0000004d push edx 0x0000004e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B152C second address: 5B1532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B1532 second address: 5B1536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B1698 second address: 5B169E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5B497A second address: 5B497F instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BBFF4 second address: 5BBFFF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA0DF second address: 5BA0E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA0E5 second address: 5BA0E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA0E9 second address: 5BA0ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA6DE second address: 5BA6E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA6E4 second address: 5BA6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BA6E8 second address: 5BA6F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007FCFF4D9C226h 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB1E6 second address: 5BB200 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A655h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB4B5 second address: 5BB4BB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB4BB second address: 5BB4C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB4C5 second address: 5BB4C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB4C9 second address: 5BB4DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jl 00007FCFF4C7A64Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB789 second address: 5BB798 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 jl 00007FCFF4D9C226h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BB798 second address: 5BB79C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BBC9F second address: 5BBCF1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C239h 0x00000007 jnc 00007FCFF4D9C22Ch 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jng 00007FCFF4D9C22Ah 0x00000017 jnp 00007FCFF4D9C23Dh 0x0000001d pushad 0x0000001e popad 0x0000001f jmp 00007FCFF4D9C235h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C094F second address: 5C095B instructions: 0x00000000 rdtsc 0x00000002 jno 00007FCFF4C7A646h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BFD4C second address: 5BFD51 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BFFA3 second address: 5BFFA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BFFA7 second address: 5BFFAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C00DD second address: 5C00EF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jno 00007FCFF4C7A646h 0x00000010 push esi 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C00EF second address: 5C00FB instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FCFF4D9C226h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C00FB second address: 5C0101 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C0249 second address: 5C0268 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C237h 0x00000007 push eax 0x00000008 push edx 0x00000009 push esi 0x0000000a pop esi 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C0268 second address: 5C026C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C069B second address: 5C06A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C06A1 second address: 5C06A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CC298 second address: 5CC2B4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007FCFF4D9C226h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FCFF4D9C22Eh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CC2B4 second address: 5CC2E4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A658h 0x00000007 jo 00007FCFF4C7A646h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 je 00007FCFF4C7A646h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CC2E4 second address: 5CC2EA instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CC5BA second address: 5CC5C2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CCCF4 second address: 5CCCF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CCCF9 second address: 5CCD03 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D2EAD second address: 5D2EB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D2EB3 second address: 5D2ECE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FCFF4C7A64Bh 0x0000000f jl 00007FCFF4C7A646h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D2ECE second address: 5D2ED2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D443E second address: 5D4448 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007FCFF4C7A646h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D4448 second address: 5D444C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D444C second address: 5D445B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FCFF4C7A646h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8664 second address: 5D8668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D8668 second address: 5D866E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D893A second address: 5D895C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C231h 0x00000007 jmp 00007FCFF4D9C22Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D895C second address: 5D899C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A652h 0x00000007 pushad 0x00000008 jmp 00007FCFF4C7A652h 0x0000000d je 00007FCFF4C7A646h 0x00000013 jmp 00007FCFF4C7A64Ch 0x00000018 popad 0x00000019 pop edx 0x0000001a pop eax 0x0000001b pushad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D899C second address: 5D89A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E56F7 second address: 5E5735 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A655h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007FCFF4C7A654h 0x00000011 pop ebx 0x00000012 pop ecx 0x00000013 jnc 00007FCFF4C7A67Bh 0x00000019 push eax 0x0000001a push edx 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E5735 second address: 5E5739 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E88CF second address: 5E88D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E8A71 second address: 5E8A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5E8A77 second address: 5E8A87 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FCFF4C7A646h 0x0000000e push edi 0x0000000f pop edi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EDA6C second address: 5EDA8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jmp 00007FCFF4D9C239h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5EDA8D second address: 5EDA98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007FCFF4C7A646h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F4574 second address: 5F4578 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5F4578 second address: 5F458E instructions: 0x00000000 rdtsc 0x00000002 jg 00007FCFF4C7A646h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jo 00007FCFF4C7A64Eh 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 600C56 second address: 600C5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FF9A3 second address: 5FF9BF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FCFF4C7A657h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFB0E second address: 5FFB14 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFC7B second address: 5FFC7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFC7F second address: 5FFCC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C231h 0x00000007 jmp 00007FCFF4D9C22Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edi 0x0000000f jmp 00007FCFF4D9C231h 0x00000014 jmp 00007FCFF4D9C22Fh 0x00000019 pop edi 0x0000001a push eax 0x0000001b push edx 0x0000001c ja 00007FCFF4D9C226h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFCC8 second address: 5FFCD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFCD2 second address: 5FFCD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5FFCD8 second address: 5FFCDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030A0 second address: 6030A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030A6 second address: 6030AC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030AC second address: 6030B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007FCFF4D9C226h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030B8 second address: 6030BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030BC second address: 6030E7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007FCFF4D9C22Dh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FCFF4D9C234h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030E7 second address: 6030EC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030EC second address: 6030F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6030F2 second address: 603106 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6050F7 second address: 605108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ecx 0x00000006 ja 00007FCFF4D9C226h 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 605108 second address: 60510E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60510E second address: 605112 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 605112 second address: 605116 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 605116 second address: 60511C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 60511C second address: 605125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6114FA second address: 611500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 613859 second address: 61386A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A64Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624C3F second address: 624C75 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4D9C238h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007FCFF4D9C238h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624C75 second address: 624C83 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624C83 second address: 624C87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624C87 second address: 624C8B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624C8B second address: 624CD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4D9C237h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b popad 0x0000000c pushad 0x0000000d jl 00007FCFF4D9C241h 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624CD1 second address: 624CDC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624E14 second address: 624E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4D9C231h 0x00000009 jne 00007FCFF4D9C226h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push edi 0x00000013 pop edi 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 624E34 second address: 624E3A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62CDD5 second address: 62CDDA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62CDDA second address: 62CDF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007FCFF4C7A646h 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007FCFF4C7A646h 0x00000013 jne 00007FCFF4C7A646h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62CF5A second address: 62CF64 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FCFF4D9C226h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D1FF second address: 62D20C instructions: 0x00000000 rdtsc 0x00000002 jbe 00007FCFF4C7A646h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D20C second address: 62D22B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 jmp 00007FCFF4D9C238h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D22B second address: 62D238 instructions: 0x00000000 rdtsc 0x00000002 je 00007FCFF4C7A648h 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D238 second address: 62D25F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4D9C233h 0x00000009 jbe 00007FCFF4D9C226h 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D25F second address: 62D263 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D6DD second address: 62D6E1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D6E1 second address: 62D6FB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FCFF4C7A656h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D6FB second address: 62D719 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007FCFF4D9C234h 0x0000000c push esi 0x0000000d pop esi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D85B second address: 62D85F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D85F second address: 62D869 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D869 second address: 62D889 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FCFF4C7A646h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007FCFF4C7A646h 0x00000014 jmp 00007FCFF4C7A64Ch 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D889 second address: 62D8C3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007FCFF4D9C22Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007FCFF4D9C23Eh 0x00000011 popad 0x00000012 jnl 00007FCFF4D9C254h 0x00000018 push ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D8C3 second address: 62D8D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007FCFF4C7A646h 0x0000000a pop ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 62D8D4 second address: 62D8D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630EC0 second address: 630EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6308EF second address: 6308F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 635DA9 second address: 635DC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FCFF4C7A651h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 6391C4 second address: 6391CB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 638D50 second address: 638D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 638D54 second address: 638D58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630A7B second address: 630A96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FCFF4C7A654h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630BEF second address: 630BF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630BF8 second address: 630BFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630BFE second address: 630C10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007FCFF4D9C244h 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 630C10 second address: 630C1A instructions: 0x00000000 rdtsc 0x00000002 jng 00007FCFF4C7A646h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54FB27 second address: 54FB2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54FB2C second address: 54FB33 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54FD5C second address: 54FD63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 39DD07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 39DDE0 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 542D78 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 5DE964 instructions caused by: Self-modifying code
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4A50000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4CD0000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6CD0000 memory reserve | memory write watch Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00520451 rdtsc 0_2_00520451
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 2268 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00580136 GetSystemInfo,VirtualAlloc, 0_2_00580136
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.2253977041.0000000000524000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2253977041.0000000000524000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00520451 rdtsc 0_2_00520451
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039B7E2 LdrInitializeThunk, 0_2_0039B7E2
Enables debug privileges
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, 00000000.00000002.2254180555.000000000057A000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SProgram Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0057791A GetSystemTime,GetFileTime, 0_2_0057791A

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender notifications (registry)
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Disables Windows Defender Tamper protection
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Modifies windows update settings
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1572098 Sample: file.exe Startdate: 10/12/2024 Architecture: WINDOWS Score: 100 11 Multi AV Scanner detection for submitted file 2->11 13 Machine Learning detection for sample 2->13 15 PE file contains section with special chars 2->15 17 AI detected suspicious sample 2->17 5 file.exe 9 1 2->5         started        process3 file4 9 C:\Users\user\AppData\Local\...\file.exe.log, CSV 5->9 dropped 19 Detected unpacking (changes PE section rights) 5->19 21 Tries to detect sandboxes and other dynamic analysis tools (window names) 5->21 23 Modifies windows update settings 5->23 25 8 other signatures 5->25 signatures5
No contacted IP infos