Windows Analysis Report
random.exe

Overview

General Information

Sample name: random.exe
Analysis ID: 1604681
MD5: b371d530e55c6193d9a67acacfa95ce0
SHA1: 6596c107a265b42bb6f3d6679f2addbf63a1d8d3
SHA256: 155e2d08a4f23810a4d7784bac7dc2c42ed5242757b685f27c8ff8143a2ed562
Tags: exe, Healer, user-aachum

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Detected unpacking (changes PE section rights)
Multi AV Scanner detection for submitted file
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Joe Sandbox ML detected suspicious sample
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

[Classification chart. Axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Legend: clean, suspicious, malicious.]
  • System is w10x64
  • random.exe (PID: 6868 cmdline: "C:\Users\user\Desktop\random.exe" MD5: B371D530E55C6193D9A67ACACFA95CE0)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Suricata rule has matched

AV Detection

Source: random.exe | Virustotal: Detection: 61%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: random.exe | Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_0020B924 CryptVerifySignatureA,
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: random.exe, 00000000.00000002.1800530200.0000000000022000.00000040.00000001.01000000.00000003.sdmp, random.exe, 00000000.00000003.1667464951.0000000004A40000.00000004.00001000.00020000.00000000.sdmp

System Summary

Source: random.exe | Static PE information: section name:
Source: random.exe | Static PE information: section name: .idata
Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_001AF4F8
Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_001AF4E1
Source: C:\Users\user\Desktop\random.exe | Code function: 0_2_0024EBDD
Source: C:\Users\user\Desktop\random.exe | Code function: String function: 00206919 appears 35 times
Source: random.exe, 00000000.00000000.1651878115.00000000002D7000.00000080.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamedefOff.exe. vs random.exe
Source: random.exe, 00000000.00000002.1800547889.0000000000026000.00000004.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamedefOff.exe. vs random.exe
Source: random.exe, 00000000.00000002.1801939723.0000000000DDE000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs random.exe
Source: random.exe, 00000000.00000002.1802989498.0000000004A40000.00000004.00001000.00020000.00000000.sdmp | Binary or memory string: OriginalFilenamedefOff.exe. vs random.exe
Source: random.exe | Binary or memory string: OriginalFilenamedefOff.exe. vs random.exe
Source: classification engine | Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\random.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\random.exe.log
Source: C:\Users\user\Desktop\random.exe | Mutant created: NULL
Source: C:\Users\user\Desktop\random.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: random.exe | Virustotal: Detection: 61%
Source: random.exe | String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: random.exe | String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: random.exe | String found in binary or memory: XdRtlAllocateHeap3Cannot find '%s'. Please, re-install this applicationThunRTMain__vbaVarTstNehs
Source: C:\Users\user\Desktop\random.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: winmm.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\random.exe | Section loaded: sspicli.dll
Source: random.exe | Static file information: File size 2834432 > 1048576
Source: random.exe | Static PE information: Raw size of vjfqhjlc is bigger than: 0x100000 < 0x2ae200
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: random.exe, 00000000.00000002.1800530200.0000000000022000.00000040.00000001.01000000.00000003.sdmp, random.exe, 00000000.00000003.1667464951.0000000004A40000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\random.exe | Unpacked PE file: 0.2.random.exe.20000.0.unpack :EW;.rsrc:W;.idata :W;vjfqhjlc:EW;iosfcsbn:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample | Static PE information: section where entry point is pointing to: .taggant
Source: random.exe | Static PE information: real checksum: 0x2be020 should be: 0x2c084e
Source: random.exe | Static PE information: section name:
Source: random.exe | Static PE information: section name: .idata
Source: random.exe | Static PE information: section name: vjfqhjlc
Source: random.exe | Static PE information: section name: iosfcsbn
Source: random.exe | Static PE information: section name: .taggant
Source: random.exe | Static PE information: section name: entropy: 7.795968193062358

Boot Survival

Source: C:\Users\user\Desktop\random.exe | Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\random.exe | Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\random.exe | Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\random.exe | Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\random.exe | Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\random.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\random.exe | File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\random.exe | File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E26C2 second address: 1E26C7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E2910 second address: 1E2914 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E2914 second address: 1E2918 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E29F3 second address: 1E29FD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F4C1852F056h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E29FD second address: 1E2A01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E2DCA second address: 1E2DCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E2DCE second address: 1E2DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E2DD4 second address: 1E2DD9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E3224 second address: 1E3228 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E3228 second address: 1E3240 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jl 00007F4C1852F056h 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E32D9 second address: 1E3301 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 jno 00007F4C18DD970Eh 0x0000000e xchg eax, ebx 0x0000000f and edi, dword ptr [ebp+122D3708h] 0x00000015 nop 0x00000016 jl 00007F4C18DD9714h 0x0000001c push eax 0x0000001d push edx 0x0000001e pushad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E37E8 second address: 1E37F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jns 00007F4C1852F056h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E37F5 second address: 1E37F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E37F9 second address: 1E3825 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F4C1852F064h 0x00000010 jmp 00007F4C1852F05Ch 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E3825 second address: 1E382B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E382B second address: 1E385C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 cmc 0x0000000a xchg eax, ebx 0x0000000b push ecx 0x0000000c jmp 00007F4C1852F05Bh 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 jmp 00007F4C1852F063h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E385C second address: 1E3861 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E45C8 second address: 1E45E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 pushad 0x00000008 ja 00007F4C1852F05Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E45E0 second address: 1E45E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E45E4 second address: 1E45E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E55EA second address: 1E5667 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C18DD970Eh 0x00000009 popad 0x0000000a nop 0x0000000b push esi 0x0000000c pop edi 0x0000000d push 00000000h 0x0000000f push 00000000h 0x00000011 push eax 0x00000012 call 00007F4C18DD9708h 0x00000017 pop eax 0x00000018 mov dword ptr [esp+04h], eax 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc eax 0x00000025 push eax 0x00000026 ret 0x00000027 pop eax 0x00000028 ret 0x00000029 pushad 0x0000002a mov al, 12h 0x0000002c cmc 0x0000002d popad 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ebp 0x00000033 call 00007F4C18DD9708h 0x00000038 pop ebp 0x00000039 mov dword ptr [esp+04h], ebp 0x0000003d add dword ptr [esp+04h], 0000001Bh 0x00000045 inc ebp 0x00000046 push ebp 0x00000047 ret 0x00000048 pop ebp 0x00000049 ret 0x0000004a sub dword ptr [ebp+122D57DEh], eax 0x00000050 or esi, 51A6F8F8h 0x00000056 xchg eax, ebx 0x00000057 push eax 0x00000058 push edx 0x00000059 push edi 0x0000005a jne 00007F4C18DD9706h 0x00000060 pop edi 0x00000061 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E4E86 second address: 1E4E8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E8C77 second address: 1E8C7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E8C7B second address: 1E8C7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E8C7F second address: 1E8C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E8C88 second address: 1E8C98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 js 00007F4C1852F05Eh 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EC1AC second address: 1EC1B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1ED078 second address: 1ED07E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1ED07E second address: 1ED082 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1ED082 second address: 1ED0DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a js 00007F4C1852F05Ch 0x00000010 ja 00007F4C1852F056h 0x00000016 pop ecx 0x00000017 nop 0x00000018 mov dword ptr [ebp+124592F0h], ecx 0x0000001e push 00000000h 0x00000020 mov ebx, dword ptr [ebp+122D1E92h] 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push ebx 0x0000002b call 00007F4C1852F058h 0x00000030 pop ebx 0x00000031 mov dword ptr [esp+04h], ebx 0x00000035 add dword ptr [esp+04h], 00000019h 0x0000003d inc ebx 0x0000003e push ebx 0x0000003f ret 0x00000040 pop ebx 0x00000041 ret 0x00000042 push eax 0x00000043 push eax 0x00000044 push edx 0x00000045 js 00007F4C1852F05Ch 0x0000004b jnc 00007F4C1852F056h 0x00000051 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1ED0DA second address: 1ED0DF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EDF56 second address: 1EDF6E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C1852F064h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EEEFB second address: 1EEF87 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 je 00007F4C18DD9706h 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F4C18DD9708h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 mov dword ptr [ebp+1245A877h], edx 0x0000002d push 00000000h 0x0000002f push 00000000h 0x00000031 push ebx 0x00000032 call 00007F4C18DD9708h 0x00000037 pop ebx 0x00000038 mov dword ptr [esp+04h], ebx 0x0000003c add dword ptr [esp+04h], 0000001Dh 0x00000044 inc ebx 0x00000045 push ebx 0x00000046 ret 0x00000047 pop ebx 0x00000048 ret 0x00000049 jmp 00007F4C18DD9714h 0x0000004e push 00000000h 0x00000050 pushad 0x00000051 mov ah, dh 0x00000053 mov dword ptr [ebp+122D1FD8h], edx 0x00000059 popad 0x0000005a add dword ptr [ebp+122D57FDh], edi 0x00000060 xchg eax, esi 0x00000061 push eax 0x00000062 push edx 0x00000063 jmp 00007F4C18DD970Ah 0x00000068 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F0F20 second address: 1F0F25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1A681C second address: 1A6852 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F4C18DD970Ah 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F4C18DD9714h 0x00000013 jmp 00007F4C18DD970Fh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1A6852 second address: 1A686B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 jmp 00007F4C1852F05Eh 0x0000000c pop edi 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F4591 second address: 1F45EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD9719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or dword ptr [ebp+122D1F63h], eax 0x00000012 push 00000000h 0x00000014 xor ebx, 4AB918FDh 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F4C18DD9708h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 movsx edi, ax 0x00000039 push eax 0x0000003a push eax 0x0000003b push edx 0x0000003c pushad 0x0000003d push eax 0x0000003e push edx 0x0000003f rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F45EA second address: 1F45F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EE1A8 second address: 1EE1AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EF0CF second address: 1EF0E9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F065h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1EF0E9 second address: 1EF196 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4C18DD9713h 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d nop 0x0000000e mov ebx, 65FEDDAFh 0x00000013 push dword ptr fs:[00000000h] 0x0000001a pushad 0x0000001b cld 0x0000001c sub dword ptr [ebp+124591A6h], ebx 0x00000022 popad 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a mov di, 571Fh 0x0000002e jp 00007F4C18DD971Ch 0x00000034 jmp 00007F4C18DD9716h 0x00000039 mov eax, dword ptr [ebp+122D14F1h] 0x0000003f push 00000000h 0x00000041 push eax 0x00000042 call 00007F4C18DD9708h 0x00000047 pop eax 0x00000048 mov dword ptr [esp+04h], eax 0x0000004c add dword ptr [esp+04h], 00000019h 0x00000054 inc eax 0x00000055 push eax 0x00000056 ret 0x00000057 pop eax 0x00000058 ret 0x00000059 mov edi, dword ptr [ebp+122D3838h] 0x0000005f push FFFFFFFFh 0x00000061 jo 00007F4C18DD9709h 0x00000067 mov bx, si 0x0000006a nop 0x0000006b push eax 0x0000006c push edx 0x0000006d jnc 00007F4C18DD971Ah 0x00000073 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F387F second address: 1F3883 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F11AA second address: 1F11AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F3883 second address: 1F389F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F4C1852F061h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F00EE second address: 1F0192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bh, F2h 0x0000000b push dword ptr fs:[00000000h] 0x00000012 mov bx, si 0x00000015 mov dword ptr fs:[00000000h], esp 0x0000001c jno 00007F4C18DD970Bh 0x00000022 call 00007F4C18DD9711h 0x00000027 and ebx, 64472067h 0x0000002d pop ebx 0x0000002e mov eax, dword ptr [ebp+122D0869h] 0x00000034 push 00000000h 0x00000036 push ecx 0x00000037 call 00007F4C18DD9708h 0x0000003c pop ecx 0x0000003d mov dword ptr [esp+04h], ecx 0x00000041 add dword ptr [esp+04h], 0000001Ah 0x00000049 inc ecx 0x0000004a push ecx 0x0000004b ret 0x0000004c pop ecx 0x0000004d ret 0x0000004e push FFFFFFFFh 0x00000050 push 00000000h 0x00000052 push ebp 0x00000053 call 00007F4C18DD9708h 0x00000058 pop ebp 0x00000059 mov dword ptr [esp+04h], ebp 0x0000005d add dword ptr [esp+04h], 00000015h 0x00000065 inc ebp 0x00000066 push ebp 0x00000067 ret 0x00000068 pop ebp 0x00000069 ret 0x0000006a mov di, 82D3h 0x0000006e nop 0x0000006f push eax 0x00000070 jp 00007F4C18DD9711h 0x00000076 pop eax 0x00000077 push eax 0x00000078 push edx 0x00000079 push eax 0x0000007a push edx 0x0000007b pushad 0x0000007c popad 0x0000007d rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F7519 second address: 1F751D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F751D second address: 1F7521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F7521 second address: 1F752B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F752B second address: 1F752F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F8408 second address: 1F840D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F9410 second address: 1F9414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F9414 second address: 1F941A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F94D3 second address: 1F94EE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD9710h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F94EE second address: 1F94F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F94F2 second address: 1F9501 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD970Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F6575 second address: 1F657F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F657F second address: 1F6625 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 pushad 0x00000008 jp 00007F4C18DD9714h 0x0000000e jmp 00007F4C18DD970Eh 0x00000013 js 00007F4C18DD9710h 0x00000019 jmp 00007F4C18DD970Ah 0x0000001e popad 0x0000001f nop 0x00000020 mov dword ptr [ebp+122D29E2h], ecx 0x00000026 push dword ptr fs:[00000000h] 0x0000002d mov bx, 3EC1h 0x00000031 mov dword ptr fs:[00000000h], esp 0x00000038 mov edi, esi 0x0000003a call 00007F4C18DD970Ah 0x0000003f mov edi, ecx 0x00000041 pop edi 0x00000042 mov eax, dword ptr [ebp+122D13A5h] 0x00000048 push FFFFFFFFh 0x0000004a push 00000000h 0x0000004c push ebp 0x0000004d call 00007F4C18DD9708h 0x00000052 pop ebp 0x00000053 mov dword ptr [esp+04h], ebp 0x00000057 add dword ptr [esp+04h], 00000018h 0x0000005f inc ebp 0x00000060 push ebp 0x00000061 ret 0x00000062 pop ebp 0x00000063 ret 0x00000064 nop 0x00000065 jmp 00007F4C18DD970Ch 0x0000006a push eax 0x0000006b push eax 0x0000006c push edx 0x0000006d jmp 00007F4C18DD9719h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1FC5FB second address: 1FC601 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F5770 second address: 1F577A instructions: 0x00000000 rdtsc 0x00000002 ja 00007F4C18DD9706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F577A second address: 1F5802 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push ebx 0x0000000e call 00007F4C1852F058h 0x00000013 pop ebx 0x00000014 mov dword ptr [esp+04h], ebx 0x00000018 add dword ptr [esp+04h], 00000018h 0x00000020 inc ebx 0x00000021 push ebx 0x00000022 ret 0x00000023 pop ebx 0x00000024 ret 0x00000025 movzx ebx, si 0x00000028 push dword ptr fs:[00000000h] 0x0000002f push 00000000h 0x00000031 push eax 0x00000032 call 00007F4C1852F058h 0x00000037 pop eax 0x00000038 mov dword ptr [esp+04h], eax 0x0000003c add dword ptr [esp+04h], 00000014h 0x00000044 inc eax 0x00000045 push eax 0x00000046 ret 0x00000047 pop eax 0x00000048 ret 0x00000049 mov edi, 52CCCAEBh 0x0000004e mov dword ptr fs:[00000000h], esp 0x00000055 mov ebx, dword ptr [ebp+122D38B4h] 0x0000005b mov eax, dword ptr [ebp+122D03F9h] 0x00000061 jg 00007F4C1852F05Ch 0x00000067 push FFFFFFFFh 0x00000069 jmp 00007F4C1852F05Ah 0x0000006e nop 0x0000006f push eax 0x00000070 push edx 0x00000071 push esi 0x00000072 push edi 0x00000073 pop edi 0x00000074 pop esi 0x00000075 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F5802 second address: 1F5820 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD970Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push edx 0x0000000d jne 00007F4C18DD9706h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F5820 second address: 1F5834 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4C1852F060h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1F5834 second address: 1F5838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1FA756 second address: 1FA760 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F4C1852F05Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 204881 second address: 204887 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1A4E50 second address: 1A4E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1A4E5A second address: 1A4E81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edi 0x00000006 jo 00007F4C18DD9706h 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f popad 0x00000010 pushad 0x00000011 pushad 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 jmp 00007F4C18DD970Ch 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e push ebx 0x0000001f pop ebx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 203FE2 second address: 203FEE instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4C1852F056h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 203FEE second address: 203FF3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2152E9 second address: 2152EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 215C09 second address: 215C0E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 215CF9 second address: 215CFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 21BB91 second address: 21BB95 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 21BB95 second address: 21BBA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F05Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 21AFAA second address: 21AFFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F4C18DD9706h 0x0000000a jmp 00007F4C18DD970Fh 0x0000000f jmp 00007F4C18DD970Dh 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 js 00007F4C18DD9724h 0x0000001d jmp 00007F4C18DD9718h 0x00000022 jg 00007F4C18DD9706h 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 21AFFA second address: 21B000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 21B000 second address: 21B007 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2610F8 second address: 261100 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25F872 second address: 25F884 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F4C18DD970Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25F9E2 second address: 25F9E6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25F9E6 second address: 25F9F7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD970Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25F9F7 second address: 25FA02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25FA02 second address: 25FA0D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25FA0D second address: 25FA17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25FA17 second address: 25FA1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25FA1D second address: 25FA39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 je 00007F4C1852F064h 0x0000000b jmp 00007F4C1852F05Ch 0x00000010 push edx 0x00000011 pop edx 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 25FA39 second address: 25FA3F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26071F second address: 260757 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F4C1852F067h 0x00000008 pop ebx 0x00000009 jmp 00007F4C1852F061h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 jo 00007F4C1852F056h 0x00000019 pop ebx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 264F8A second address: 264FB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C18DD9713h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F4C18DD970Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 264FB3 second address: 264FBF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 264FBF second address: 264FC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26680E second address: 26681A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4C1852F056h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26681A second address: 266850 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 pop eax 0x00000008 jmp 00007F4C18DD9714h 0x0000000d jmp 00007F4C18DD970Eh 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 pop eax 0x00000016 je 00007F4C18DD9706h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 266850 second address: 266864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F05Ah 0x00000009 popad 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 266864 second address: 26687F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4C18DD9706h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F4C18DD970Eh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26687F second address: 2668B6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C1852F060h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jl 00007F4C1852F06Bh 0x0000000f jmp 00007F4C1852F063h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 jne 00007F4C1852F056h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B12C second address: 26B130 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B130 second address: 26B139 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B139 second address: 26B15B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C18DD970Eh 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F4C18DD970Dh 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B15B second address: 26B18C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jns 00007F4C1852F056h 0x00000009 jno 00007F4C1852F056h 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push edi 0x00000013 jmp 00007F4C1852F060h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F4C1852F05Ch 0x0000001f rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B465 second address: 26B470 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B470 second address: 26B476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 26B476 second address: 26B47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2785E7 second address: 2785EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2785EF second address: 2785F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2785F7 second address: 278613 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push ebx 0x00000007 jnp 00007F4C1852F062h 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 278011 second address: 278015 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 27819E second address: 2781B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F064h 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781B7 second address: 2781C1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F4C18DD970Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781C1 second address: 2781E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F05Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F4C1852F058h 0x00000013 jmp 00007F4C1852F05Dh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781E8 second address: 2781EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781EE second address: 2781F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781F2 second address: 2781F8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2781F8 second address: 278201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 27B8A7 second address: 27B8BB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4C18DD9710h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 27B8BB second address: 27B8BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 27BA0B second address: 27BA13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 27ED94 second address: 27EDB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F4C1852F05Bh 0x00000009 jmp 00007F4C1852F061h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 28A136 second address: 28A14E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F4C18DD9706h 0x0000000a jmp 00007F4C18DD970Dh 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 28A14E second address: 28A16B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F4C1852F066h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 28A16B second address: 28A179 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jne 00007F4C18DD9706h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 290F1B second address: 290F27 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jc 00007F4C1852F056h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 290D69 second address: 290D7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F4C18DD9706h 0x0000000a pop ebx 0x0000000b jmp 00007F4C18DD970Bh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 296F57 second address: 296F5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 296F5C second address: 296F70 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F4C18DD9706h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2971D0 second address: 2971D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2971D4 second address: 2971EE instructions: 0x00000000 rdtsc 0x00000002 js 00007F4C18DD9706h 0x00000008 jnl 00007F4C18DD9706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jng 00007F4C18DD9706h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2971EE second address: 297209 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4C1852F065h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 297685 second address: 29768B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 29768B second address: 2976AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C1852F066h 0x00000009 popad 0x0000000a pushad 0x0000000b jo 00007F4C1852F06Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2976AF second address: 2976CB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C18DD9710h 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F4C18DD9706h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 29BE5E second address: 29BE83 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C1852F065h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d js 00007F4C1852F056h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 29BE83 second address: 29BEA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F4C18DD9716h 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 29C02C second address: 29C03F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F4C1852F056h 0x0000000d jnp 00007F4C1852F056h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A68A0 second address: 2A68A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A68A9 second address: 2A68C8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F4C1852F069h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A68C8 second address: 2A68CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A68CE second address: 2A68D2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A9078 second address: 2A90BD instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F4C18DD9706h 0x00000008 js 00007F4C18DD9706h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 jmp 00007F4C18DD9719h 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 push edx 0x0000001a pop edx 0x0000001b push edx 0x0000001c pop edx 0x0000001d jmp 00007F4C18DD9713h 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2A90BD second address: 2A90C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2AB924 second address: 2AB939 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jns 00007F4C18DD9706h 0x0000000c popad 0x0000000d pop esi 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 push edi 0x00000012 pop edi 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2B999E second address: 2B99A2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C0F2B second address: 2C0F41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C18DD970Fh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C03C6 second address: 2C03DB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F4C1852F060h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C0BF0 second address: 2C0C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F4C18DD9706h 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4001 second address: 2C402C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C1852F05Bh 0x00000007 jmp 00007F4C1852F066h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pop eax 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C8723 second address: 2C872D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F4C18DD9706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C872D second address: 2C8731 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2CAFCD second address: 2CAFD3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2CAFD3 second address: 2CAFD9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2CCA59 second address: 2CCA65 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F4C18DD9706h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4192 second address: 2C4196 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4196 second address: 2C41B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F4C18DD9714h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C41B0 second address: 2C41B5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C41B5 second address: 2C41BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C42E6 second address: 2C4312 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F4C1852F064h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jp 00007F4C1852F066h 0x00000011 jmp 00007F4C1852F05Ah 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4312 second address: 2C433A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F4C18DD9724h 0x0000000a jmp 00007F4C18DD970Eh 0x0000000f jmp 00007F4C18DD9710h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4469 second address: 2C4498 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 jmp 00007F4C1852F060h 0x0000000a pop esi 0x0000000b push edx 0x0000000c jmp 00007F4C1852F066h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C4498 second address: 2C44A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C44A6 second address: 2C44AA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C44AA second address: 2C44B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C44B0 second address: 2C44B5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 2C5572 second address: 2C55A4 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F4C18DD970Ah 0x00000008 push edi 0x00000009 pop edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c push ebx 0x0000000d jno 00007F4C18DD9706h 0x00000013 push edi 0x00000014 pop edi 0x00000015 pop ebx 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b jmp 00007F4C18DD970Ah 0x00000020 pop edi 0x00000021 pushad 0x00000022 jp 00007F4C18DD9706h 0x00000028 push eax 0x00000029 pop eax 0x0000002a push edx 0x0000002b pop edx 0x0000002c popad 0x0000002d rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E5438 second address: 1E543C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\random.exeRDTSC instruction interceptor: First address: 1E543C second address: 1E5452 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F4C18DD970Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\random.exe Special instruction interceptor: First address: 2D9F1 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe Special instruction interceptor: First address: 1D7387 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe Special instruction interceptor: First address: 271671 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\random.exe Memory allocated: 4C90000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\random.exe Memory allocated: 4F50000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\random.exe Memory allocated: 4C90000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\random.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\random.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\random.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\random.exe Code function: 0_2_001D409C rdtsc
Source: C:\Users\user\Desktop\random.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\random.exe TID: 6208 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\random.exe Code function: 0_2_002108EA GetSystemInfo,VirtualAlloc,
Source: C:\Users\user\Desktop\random.exe Thread delayed: delay time: 922337203685477
Source: random.exe, 00000000.00000002.1800784604.00000000001B8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: random.exe, 00000000.00000002.1800784604.00000000001B8000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\random.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\random.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\random.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\random.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\random.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\random.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\random.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\random.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\random.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\random.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\random.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\random.exe File opened: NTICE
Source: C:\Users\user\Desktop\random.exe File opened: SICE
Source: C:\Users\user\Desktop\random.exe File opened: SIWVID
Source: C:\Users\user\Desktop\random.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\random.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\random.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\random.exe Code function: 0_2_001D409C rdtsc
Source: C:\Users\user\Desktop\random.exe Code function: 0_2_0002B7C2 LdrInitializeThunk,
Source: C:\Users\user\Desktop\random.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\random.exe Memory allocated: page read and write | page guard
Source: random.exe, random.exe, 00000000.00000002.1801172379.00000000001FE000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Program Manager
Source: C:\Users\user\Desktop\random.exe Code function: 0_2_0020AA66 GetSystemTime,GetFileTime,

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\random.exe; Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection; Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection; Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications; Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\random.exe; Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\random.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\random.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\random.exe; Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 2 Command and Scripting Interpreter | 1 DLL Side-Loading | 1 Process Injection | 1 Masquerading | OS Credential Dumping | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 2 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 1 DLL Side-Loading | 41 Disable or Modify Tools | LSASS Memory | 641 Security Software Discovery | Remote Desktop Protocol | Data from Removable Media | Junk Data | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 2 Bypass User Account Control | 261 Virtualization/Sandbox Evasion | Security Account Manager | 2 Process Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Process Injection | NTDS | 261 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 24 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 3 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 11 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Bypass User Account Control | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
[Behavior graph. ID: 1604681; Sample: random.exe; Startdate: 01/02/2025; Architecture: WINDOWS; Score: 100. Sample-level signatures: Multi AV Scanner detection for submitted file; Machine Learning detection for sample; PE file contains section with special chars; Joe Sandbox ML detected suspicious sample. Process random.exe (started) dropped C:\Users\user\AppData\...\random.exe.log (CSV) and raised: Detected unpacking (changes PE section rights); Tries to detect sandboxes and other dynamic analysis tools (window names); Modifies windows update settings; 8 other signatures.]

Source | Detection | Scanner | Label
random.exe | 62% | Virustotal |
random.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No contacted domains info
No contacted IP infos
Joe Sandbox version:42.0.0 Malachite
Analysis ID:1604681
Start date and time:2025-02-01 21:31:17 +01:00
Joe Sandbox product:CloudBasic
Overall analysis duration:0h 2m 34s
Hypervisor based Inspection enabled:false
Report type:light
Cookbook file name:default.jbs
Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:2
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies:
  • HCA enabled
  • EGA enabled
  • AMSI enabled
Analysis Mode:default
Analysis stop reason:Timeout
Sample name:random.exe
Detection:MAL
Classification:mal100.evad.winEXE@1/1@0/0
EGA Information:
  • Successful, ratio: 100%
HCA Information:Failed
Cookbook Comments:
  • Found application associated with file extension: .exe
  • Stop behavior analysis, all processes terminated
  • Exclude process from analysis (whitelisted): SIHClient.exe
  • Report size getting too big, too many NtProtectVirtualMemory calls found.
No simulations
No context
Process:C:\Users\user\Desktop\random.exe
File Type:CSV text
Category:dropped
Size (bytes):226
Entropy (8bit):5.360398796477698
Encrypted:false
SSDEEP:6:Q3La/xw5DLIP12MUAvvR+uTL2ql2ABgTv:Q3La/KDLI4MWuPTAv
MD5:3A8957C6382192B71471BD14359D0B12
SHA1:71B96C965B65A051E7E7D10F61BEBD8CCBB88587
SHA-256:282FBEFDDCFAA0A9DBDEE6E123791FC4B8CB870AE9D450E6394D2ACDA3D8F56D
SHA-512:76C108641F682F785A97017728ED51565C4F74B61B24E190468E3A2843FCC43615C6C8ABE298750AF238D7A44E97C001E3BE427B49900432F905A7CE114AA9AD
Malicious:true
Reputation:high, very likely benign file
Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.473832513636824
TrID:
  • Win32 Executable (generic) a (10002005/4) 99.96%
  • Generic Win/DOS Executable (2004/3) 0.02%
  • DOS Executable Generic (2002/1) 0.02%
  • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:random.exe
File size:2'834'432 bytes
MD5:b371d530e55c6193d9a67acacfa95ce0
SHA1:6596c107a265b42bb6f3d6679f2addbf63a1d8d3
SHA256:155e2d08a4f23810a4d7784bac7dc2c42ed5242757b685f27c8ff8143a2ed562
SHA512:68d2c89f6c97eda5603b80c2221c9879c142d951af95289466928b0f92b172d8c76be8f8565fd46276cc6425dcdf4acbe064714b06f1b5424d274e9972e2c456
SSDEEP:49152:VHuFGX3r8WlKQQSG7ZHvYJT5UNIV/YLgGc9:VOFGX3r8WlK5z7JYJT5vYLA
TLSH:11D53BA2B569F2CFE48A12789667CD4A596D0BB847240CC3DC6DB4BE7DA3CC111B7C24
File Content Preview:MZ......................@...........z...................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P(,e.........."...0..$............+.. ...`....@.. ........................,..... .+...`................................
Icon Hash:90cececece8e8eb0
Entrypoint:0x6bc000
Entrypoint Section:.taggant
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE
Time Stamp:0x652C2850 [Sun Oct 15 17:58:40 2023 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:4
OS Version Minor:0
File Version Major:4
File Version Minor:0
Subsystem Version Major:4
Subsystem Version Minor:0
Import Hash:2eabe9054cad5152567f0699947a2c5b
Instruction
jmp 00007F4C1935281Ah
hint_nop dword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8055 | 0x69 | .idata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x6000 | 0x668 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x81f8 | 0x8 | .idata
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
 | 0x2000 | 0x4000 | 0x1200 | d28d91c914d1917813f93cc1aabbb8a9 | False | 0.9338107638888888 | data | 7.795968193062358 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x6000 | 0x668 | 0x400 | ffd3e78b51ed8080ebcae82febad40e7 | False | 0.80078125 | data | 6.4661180632954265 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata | 0x8000 | 0x2000 | 0x200 | ec9cb51e8cb4ea49a56ee3cf434fb69e | False | 0.1484375 | data | 0.9342685949460681 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vjfqhjlc | 0xa000 | 0x2b0000 | 0x2ae200 | b24c5579746a5b13b30649387819522f | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
iosfcsbn | 0x2ba000 | 0x2000 | 0x400 | 850db5010693dfe0ed8c9a69a7130e18 | False | 0.810546875 | data | 6.285300310327538 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant | 0x2bc000 | 0x4000 | 0x2200 | 8089d39367e63b13480f2fea99ce3a5b | False | 0.006433823529411764 | DOS executable (COM) | 0.019571456231530684 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x2b7af8 | 0x30c | data | | | 0.42948717948717946
RT_MANIFEST | 0x2b7e04 | 0x2bb | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.4978540772532189
DLL | Import
kernel32.dll | lstrcpy
Description | Data
Translation | 0x0000 0x04b0
Comments |
CompanyName |
FileDescription | defOff
FileVersion | 1.0.0.0
InternalName | defOff.exe
LegalCopyright | Copyright 2023
LegalTrademarks |
OriginalFilename | defOff.exe
ProductName | defOff
ProductVersion | 1.0.0.0
Assembly Version | 1.0.0.0
No network behavior found
No statistics
Target ID:0
Start time:15:32:06
Start date:01/02/2025
Path:C:\Users\user\Desktop\random.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\random.exe"
Imagebase:0x20000
File size:2'834'432 bytes
MD5 hash:B371D530E55C6193D9A67ACACFA95CE0
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

No disassembly