Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532434
MD5: 94eedad5efd6b4130b472b769b0a5c35
SHA1: db9d4f3b42ce62fae1ddcdea627390f1705f0fd9
SHA256: 2b87095a88843574715151c409bc2d2f86431f50c6692247b77d3c3a7afd75cd
Tags: exeuser-Bitsight
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to detect virtual machines (SIDT)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: file.exe Avira: detected
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 100.0% probability
Machine Learning detection for sample
Source: file.exe Joe Sandbox ML: detected
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A04867 CryptVerifySignatureA, 0_2_00A04867
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1804351796.0000000000822000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1669447399.0000000004D90000.00000004.00001000.00020000.00000000.sdmp

System Summary
barindex
PE file contains section with special chars
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Detected potential crypto function
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099B19B 0_2_0099B19B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099F2E4 0_2_0099F2E4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009FE225 0_2_009FE225
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009A036F 0_2_009A036F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00933604 0_2_00933604
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099967E 0_2_0099967E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008BA7FA 0_2_008BA7FA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009948F3 0_2_009948F3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009A399E 0_2_009A399E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00997BE8 0_2_00997BE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_008E7B12 0_2_008E7B12
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0099CC15 0_2_0099CC15
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00966C65 0_2_00966C65
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00949DD8 0_2_00949DD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009A1DE5 0_2_009A1DE5
Found potential string decryption / allocating functions
Source: C:\Users\user\Desktop\file.exe Code function: String function: 009FF85C appears 35 times
Sample file is different than original file name gathered from version info
Source: file.exe, 00000000.00000002.1804382221.0000000000826000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: xnyyorma ZLIB complexity 0.9947547969448585
Source: classification engine Classification label: mal100.evad.winEXE@1/1@0/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log Jump to behavior
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers Jump to behavior
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll Jump to behavior
Source: file.exe Static file information: File size 1743360 > 1048576
Source: file.exe Static PE information: Raw size of xnyyorma is bigger than: 0x100000 < 0x1a3600
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000002.1804351796.0000000000822000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1669447399.0000000004D90000.00000004.00001000.00020000.00000000.sdmp

Data Obfuscation
barindex
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.820000.0.unpack :EW;.rsrc:W;.idata :W; :EW;xnyyorma:EW;coaxywia:EW;.taggant:EW; vs :ER;.rsrc:W;
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
PE file contains an invalid checksum
Source: file.exe Static PE information: real checksum: 0x1b2350 should be: 0x1ac2bd
PE file contains sections with non-standard names
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: xnyyorma
Source: file.exe Static PE information: section name: coaxywia
Source: file.exe Static PE information: section name: .taggant
Uses code obfuscation techniques (call, push, ret)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B609B push 4BC17F26h; mov dword ptr [esp], ebx 0_2_009B9255
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C0091 push eax; mov dword ptr [esp], 3AFE1AD6h 0_2_009C01F6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BE095 push eax; ret 0_2_009BE0A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B7094 push 47433A0Ah; mov dword ptr [esp], edx 0_2_009B70A4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A250B0 push 55A9231Dh; mov dword ptr [esp], eax 0_2_00A25107
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A250B0 push ebx; mov dword ptr [esp], eax 0_2_00A2512F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70083 push edx; mov dword ptr [esp], eax 0_2_00A700D4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70083 push edi; mov dword ptr [esp], ecx 0_2_00A700DD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70083 push 3B7B35BAh; mov dword ptr [esp], edx 0_2_00A701D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A70083 push esi; mov dword ptr [esp], ebp 0_2_00A702B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B80BC push eax; mov dword ptr [esp], esi 0_2_009B83B0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A3508D push ebp; mov dword ptr [esp], edx 0_2_00A3512B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A59090 push esi; mov dword ptr [esp], 330B3EE5h 0_2_00A59123
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A59090 push 50883D78h; mov dword ptr [esp], eax 0_2_00A59133
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B70D8 push eax; mov dword ptr [esp], 15E4EF5Eh 0_2_009B70DA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090A0D6 push 03746967h; mov dword ptr [esp], edi 0_2_0090A0F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0090A0D6 push edx; mov dword ptr [esp], eax 0_2_0090A137
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C60D4 push 32768A93h; mov dword ptr [esp], ecx 0_2_009C6183
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A570EF push ebp; mov dword ptr [esp], esi 0_2_00A57115
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A570EF push 2C7DD340h; mov dword ptr [esp], esi 0_2_00A5713B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B60C1 push 7E7327DBh; mov dword ptr [esp], edi 0_2_009B67E3
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BD0FF push ecx; mov dword ptr [esp], ebp 0_2_009BD1F9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C00F9 push ebp; mov dword ptr [esp], 4FF35B1Eh 0_2_009C015D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C00F9 push ebp; mov dword ptr [esp], edi 0_2_009C026C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BE0E6 push esi; ret 0_2_009BE0F5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B501F push eax; mov dword ptr [esp], esp 0_2_009B8E49
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009B1015 push 7C97F055h; mov dword ptr [esp], eax 0_2_009B101D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C600E push esi; mov dword ptr [esp], edx 0_2_009C6292
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009C600E push 73D910F2h; mov dword ptr [esp], esi 0_2_009C629F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BE007 push ecx; ret 0_2_009BE016
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0094F031 push ecx; mov dword ptr [esp], eax 0_2_0094F042
Source: file.exe Static PE information: section name: entropy: 7.804495319048474
Source: file.exe Static PE information: section name: xnyyorma entropy: 7.952908636162783

Boot Survival
barindex
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS Jump to behavior
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX Jump to behavior

Malware Analysis System Evasion
barindex
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine Jump to behavior
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__ Jump to behavior
Tries to detect virtualization through RDTSC time measurements
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82DA2E second address: 82DA34 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82DA34 second address: 82DA38 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 82DA38 second address: 82DA3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 999164 second address: 999168 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 999168 second address: 999172 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 999172 second address: 999176 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A7D51 second address: 9A7D68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F20D8D0D9FDh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A7D68 second address: 9A7D6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A7FF4 second address: 9A7FFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9A7FFE second address: 9A8006 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9ABF00 second address: 9ABF0A instructions: 0x00000000 rdtsc 0x00000002 jns 00007F20D8D0D9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9ABF0A second address: 9ABF1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push edx 0x0000000b jp 00007F20D92506CCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9ABF1D second address: 82DA2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 mov eax, dword ptr [eax] 0x00000007 jne 00007F20D8D0D9FEh 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 jmp 00007F20D8D0D9FBh 0x00000016 pop eax 0x00000017 jbe 00007F20D8D0D9F9h 0x0000001d movsx ecx, di 0x00000020 push dword ptr [ebp+122D0239h] 0x00000026 sub dword ptr [ebp+122D2C50h], edi 0x0000002c call dword ptr [ebp+122D17BEh] 0x00000032 pushad 0x00000033 jp 00007F20D8D0DA03h 0x00000039 xor eax, eax 0x0000003b stc 0x0000003c mov edx, dword ptr [esp+28h] 0x00000040 xor dword ptr [ebp+122D311Ch], eax 0x00000046 mov dword ptr [ebp+122D37B9h], eax 0x0000004c sub dword ptr [ebp+122D1A6Ch], esi 0x00000052 mov esi, 0000003Ch 0x00000057 mov dword ptr [ebp+122D2B76h], edx 0x0000005d add esi, dword ptr [esp+24h] 0x00000061 stc 0x00000062 jmp 00007F20D8D0DA05h 0x00000067 lodsw 0x00000069 pushad 0x0000006a pushad 0x0000006b mov esi, eax 0x0000006d popad 0x0000006e mov dl, cl 0x00000070 popad 0x00000071 sub dword ptr [ebp+122D1A6Ch], ecx 0x00000077 add eax, dword ptr [esp+24h] 0x0000007b mov dword ptr [ebp+122D2B76h], esi 0x00000081 mov ebx, dword ptr [esp+24h] 0x00000085 cld 0x00000086 nop 0x00000087 push eax 0x00000088 push edx 0x00000089 push edx 0x0000008a pushad 0x0000008b popad 0x0000008c pop edx 0x0000008d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AC0B0 second address: 9AC0B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AC0B4 second address: 9AC0B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AC16A second address: 9AC170 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AC170 second address: 9AC174 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9AC174 second address: 9AC1EE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xor dword ptr [esp], 4A6D9363h 0x0000000f mov ecx, dword ptr [ebp+122D3841h] 0x00000015 mov edx, edi 0x00000017 push 00000003h 0x00000019 pushad 0x0000001a mov edx, dword ptr [ebp+122D3761h] 0x00000020 mov edx, dword ptr [ebp+122D30DBh] 0x00000026 popad 0x00000027 push 00000000h 0x00000029 sub dword ptr [ebp+122D1BFBh], esi 0x0000002f push 00000003h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F20D92506C8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b mov ecx, dword ptr [ebp+122D3651h] 0x00000051 jmp 00007F20D92506D7h 0x00000056 push C971FAA1h 0x0000005b push edx 0x0000005c push edi 0x0000005d push eax 0x0000005e push edx 0x0000005f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CAF5A second address: 9CAF5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CAF5E second address: 9CAF73 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20D92506C6h 0x00000008 jg 00007F20D92506C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CAF73 second address: 9CAF78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CAF78 second address: 9CAF8D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506CFh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CAF8D second address: 9CAF91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CB100 second address: 9CB12B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F20D92506C6h 0x00000008 jmp 00007F20D92506CCh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F20D92506CEh 0x00000014 pop edi 0x00000015 push eax 0x00000016 push edx 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CB12B second address: 9CB143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D8D0DA04h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CB143 second address: 9CB15A instructions: 0x00000000 rdtsc 0x00000002 jl 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F20D92506CDh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC668 second address: 9CC682 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0DA06h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC682 second address: 9CC68B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC68B second address: 9CC696 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F20D8D0D9F6h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC905 second address: 9CC90B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC90B second address: 9CC92A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20D8D0DA09h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CC92A second address: 9CC92F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF0AA second address: 9CF0AF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF242 second address: 9CF27D instructions: 0x00000000 rdtsc 0x00000002 jp 00007F20D92506D4h 0x00000008 jmp 00007F20D92506CEh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 jno 00007F20D92506C6h 0x00000019 jmp 00007F20D92506D8h 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF27D second address: 9CF2CE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0DA03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jmp 00007F20D8D0DA04h 0x00000012 mov eax, dword ptr [eax] 0x00000014 pushad 0x00000015 jns 00007F20D8D0DA0Bh 0x0000001b push eax 0x0000001c push edx 0x0000001d pushad 0x0000001e popad 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CF2CE second address: 9CF2E2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c jl 00007F20D92506CCh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDACD second address: 9CDAD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDAD1 second address: 9CDADB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9CDADB second address: 9CDADF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D0670 second address: 9D0679 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7AC3 second address: 9D7ACF instructions: 0x00000000 rdtsc 0x00000002 js 00007F20D8D0D9F6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7C45 second address: 9D7C4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7C4B second address: 9D7C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F20D8D0D9F6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7C5C second address: 9D7C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7C60 second address: 9D7C6A instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7DAD second address: 9D7DB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D7DB3 second address: 9D7DD0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push ecx 0x0000000f pop ecx 0x00000010 pushad 0x00000011 popad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D835D second address: 9D8362 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8D50 second address: 9D8D54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8D54 second address: 9D8D78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F20D92506CBh 0x0000000c jns 00007F20D92506C6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 jnp 00007F20D92506C6h 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8D78 second address: 9D8D7C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8D7C second address: 9D8DB5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [esp+04h] 0x0000000b jnc 00007F20D92506D9h 0x00000011 mov eax, dword ptr [eax] 0x00000013 pushad 0x00000014 jmp 00007F20D92506CEh 0x00000019 push eax 0x0000001a push edx 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8DB5 second address: 9D8DB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8DB9 second address: 9D8DBD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8DBD second address: 9D8DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp+04h], eax 0x0000000b pushad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8DCC second address: 9D8DDB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jo 00007F20D92506CCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8DDB second address: 9D8E8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push 00000000h 0x00000008 push eax 0x00000009 call 00007F20D8D0D9F8h 0x0000000e pop eax 0x0000000f mov dword ptr [esp+04h], eax 0x00000013 add dword ptr [esp+04h], 0000001Ch 0x0000001b inc eax 0x0000001c push eax 0x0000001d ret 0x0000001e pop eax 0x0000001f ret 0x00000020 call 00007F20D8D0DA02h 0x00000025 mov edi, dword ptr [ebp+122D1BBBh] 0x0000002b pop edi 0x0000002c mov dword ptr [ebp+122D2E2Dh], edi 0x00000032 add dword ptr [ebp+122D1BD9h], ebx 0x00000038 call 00007F20D8D0D9F9h 0x0000003d jmp 00007F20D8D0D9FBh 0x00000042 push eax 0x00000043 push esi 0x00000044 jmp 00007F20D8D0D9FCh 0x00000049 pop esi 0x0000004a mov eax, dword ptr [esp+04h] 0x0000004e jns 00007F20D8D0DA0Eh 0x00000054 mov eax, dword ptr [eax] 0x00000056 jmp 00007F20D8D0D9FBh 0x0000005b mov dword ptr [esp+04h], eax 0x0000005f jng 00007F20D8D0DA04h 0x00000065 push eax 0x00000066 push edx 0x00000067 pushad 0x00000068 popad 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8E8A second address: 9D8E8E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D8F99 second address: 9D8F9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D91EC second address: 9D91F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D91F0 second address: 9D91FA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F20D8D0D9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D9A62 second address: 9D9A67 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9D9C1D second address: 9D9C23 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DBD14 second address: 9DBD1E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DC5D1 second address: 9DC5DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 pop ebx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DD171 second address: 9DD189 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506CBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop esi 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DC5DF second address: 9DC5EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F20D8D0D9F6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DD432 second address: 9DD438 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DD189 second address: 9DD18F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DD438 second address: 9DD43D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DDF49 second address: 9DDF4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DDF4D second address: 9DDF51 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DDF51 second address: 9DDF5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DDF5A second address: 9DDF60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEB6C second address: 9DEB72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DEB72 second address: 9DEB76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9DE878 second address: 9DE8AD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F20D8D0D9F6h 0x00000009 jmp 00007F20D8D0D9FEh 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F20D8D0DA08h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E5245 second address: 9E52CD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506CAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push edi 0x0000000d call 00007F20D92506C8h 0x00000012 pop edi 0x00000013 mov dword ptr [esp+04h], edi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc edi 0x00000020 push edi 0x00000021 ret 0x00000022 pop edi 0x00000023 ret 0x00000024 mov edi, ecx 0x00000026 mov ebx, dword ptr [ebp+122D2A30h] 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ebp 0x00000031 call 00007F20D92506C8h 0x00000036 pop ebp 0x00000037 mov dword ptr [esp+04h], ebp 0x0000003b add dword ptr [esp+04h], 00000019h 0x00000043 inc ebp 0x00000044 push ebp 0x00000045 ret 0x00000046 pop ebp 0x00000047 ret 0x00000048 mov bl, 30h 0x0000004a push 00000000h 0x0000004c push 00000000h 0x0000004e push edx 0x0000004f call 00007F20D92506C8h 0x00000054 pop edx 0x00000055 mov dword ptr [esp+04h], edx 0x00000059 add dword ptr [esp+04h], 00000014h 0x00000061 inc edx 0x00000062 push edx 0x00000063 ret 0x00000064 pop edx 0x00000065 ret 0x00000066 sub dword ptr [ebp+122D2B52h], edx 0x0000006c push eax 0x0000006d push ecx 0x0000006e push eax 0x0000006f push edx 0x00000070 jng 00007F20D92506C6h 0x00000076 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E755F second address: 9E7565 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E6658 second address: 9E665D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E7565 second address: 9E756D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E756D second address: 9E7585 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F20D92506C6h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d jp 00007F20D92506D0h 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E677C second address: 9E6786 instructions: 0x00000000 rdtsc 0x00000002 je 00007F20D8D0D9FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E7585 second address: 9E75C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov edi, dword ptr [ebp+122D2BABh] 0x0000000c jmp 00007F20D92506D0h 0x00000011 push 00000000h 0x00000013 mov ebx, dword ptr [ebp+122D1C00h] 0x00000019 jnc 00007F20D92506CCh 0x0000001f push 00000000h 0x00000021 mov bh, 2Bh 0x00000023 push eax 0x00000024 push eax 0x00000025 push edx 0x00000026 push eax 0x00000027 push edx 0x00000028 push ebx 0x00000029 pop ebx 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E75C0 second address: 9E75D2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E7737 second address: 9E7741 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F20D92506C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95A2 second address: 9E95AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95AA second address: 9E95AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB294 second address: 9EB29A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95AE second address: 9E95C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jno 00007F20D92506C6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB29A second address: 9EB29E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95C0 second address: 9E95CA instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB29E second address: 9EB2BD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0DA03h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push ebx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95CA second address: 9E95E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20D92506D9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB2BD second address: 9EB2C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E95E7 second address: 9E9685 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506CFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b nop 0x0000000c mov ebx, 139A39BCh 0x00000011 push dword ptr fs:[00000000h] 0x00000018 call 00007F20D92506D2h 0x0000001d jmp 00007F20D92506CBh 0x00000022 pop ebx 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F20D92506C8h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000017h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 jns 00007F20D92506C9h 0x0000004a mov eax, dword ptr [ebp+122D04E1h] 0x00000050 jmp 00007F20D92506CCh 0x00000055 mov dword ptr [ebp+1246B110h], esi 0x0000005b push FFFFFFFFh 0x0000005d mov di, ax 0x00000060 mov di, cx 0x00000063 push eax 0x00000064 push eax 0x00000065 push edx 0x00000066 jo 00007F20D92506CCh 0x0000006c ja 00007F20D92506C6h 0x00000072 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB2C2 second address: 9EB2C7 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB2C7 second address: 9EB2FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 pushad 0x00000009 mov dl, cl 0x0000000b popad 0x0000000c push 00000000h 0x0000000e pushad 0x0000000f pushad 0x00000010 add dword ptr [ebp+122D295Bh], ebx 0x00000016 push ebx 0x00000017 pop edi 0x00000018 popad 0x00000019 mov ax, 819Ah 0x0000001d popad 0x0000001e push 00000000h 0x00000020 xchg eax, esi 0x00000021 jmp 00007F20D92506CAh 0x00000026 push eax 0x00000027 pushad 0x00000028 pushad 0x00000029 pushad 0x0000002a popad 0x0000002b push eax 0x0000002c pop eax 0x0000002d popad 0x0000002e push edi 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EC470 second address: 9EC474 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EC474 second address: 9EC47A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB50F second address: 9EB515 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB515 second address: 9EB519 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB519 second address: 9EB528 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB528 second address: 9EB52E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EB52E second address: 9EB53D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20D8D0D9FAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99AC81 second address: 99AC85 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EC644 second address: 9EC648 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99AC85 second address: 99AC89 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99AC89 second address: 99AC8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EC648 second address: 9EC662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F20D92506D0h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 99AC8F second address: 99AC9B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jc 00007F20D8D0D9F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EC71F second address: 9EC723 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EFB9A second address: 9EFBA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EFBA0 second address: 9EFBC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 nop 0x00000006 mov edi, dword ptr [ebp+122D2935h] 0x0000000c mov dword ptr [ebp+122D2B48h], ecx 0x00000012 push 00000000h 0x00000014 and bx, 02CAh 0x00000019 push 00000000h 0x0000001b mov bx, si 0x0000001e xchg eax, esi 0x0000001f pushad 0x00000020 jng 00007F20D92506CCh 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EFBC8 second address: 9EFBE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F20D8D0D9FCh 0x0000000a je 00007F20D8D0D9F6h 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 jnp 00007F20D8D0D9F6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EFBE4 second address: 9EFBEA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EFBEA second address: 9EFBF5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jne 00007F20D8D0D9F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F0AFA second address: 9F0B8C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edi 0x0000000f call 00007F20D92506C8h 0x00000014 pop edi 0x00000015 mov dword ptr [esp+04h], edi 0x00000019 add dword ptr [esp+04h], 00000018h 0x00000021 inc edi 0x00000022 push edi 0x00000023 ret 0x00000024 pop edi 0x00000025 ret 0x00000026 movsx ebx, dx 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d push ebp 0x0000002e call 00007F20D92506C8h 0x00000033 pop ebp 0x00000034 mov dword ptr [esp+04h], ebp 0x00000038 add dword ptr [esp+04h], 00000018h 0x00000040 inc ebp 0x00000041 push ebp 0x00000042 ret 0x00000043 pop ebp 0x00000044 ret 0x00000045 push 00000000h 0x00000047 push 00000000h 0x00000049 push ebx 0x0000004a call 00007F20D92506C8h 0x0000004f pop ebx 0x00000050 mov dword ptr [esp+04h], ebx 0x00000054 add dword ptr [esp+04h], 00000014h 0x0000005c inc ebx 0x0000005d push ebx 0x0000005e ret 0x0000005f pop ebx 0x00000060 ret 0x00000061 add dword ptr [ebp+122D2C2Bh], ebx 0x00000067 push eax 0x00000068 push eax 0x00000069 push edx 0x0000006a pushad 0x0000006b jbe 00007F20D92506C6h 0x00000071 push eax 0x00000072 push edx 0x00000073 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F0B8C second address: 9F0B91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EED51 second address: 9EED64 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506CEh 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9EED64 second address: 9EED69 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F1D93 second address: 9F1D97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F3BD4 second address: 9F3BD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F2CE0 second address: 9F2CE6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F2CE6 second address: 9F2CEA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F2CEA second address: 9F2D5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push dword ptr fs:[00000000h] 0x00000010 jmp 00007F20D92506CAh 0x00000015 mov dword ptr fs:[00000000h], esp 0x0000001c mov bl, F3h 0x0000001e mov bl, 68h 0x00000020 mov eax, dword ptr [ebp+122D05C1h] 0x00000026 jo 00007F20D92506C8h 0x0000002c mov bl, dl 0x0000002e mov edi, dword ptr [ebp+122D2D87h] 0x00000034 push FFFFFFFFh 0x00000036 push 00000000h 0x00000038 push ecx 0x00000039 call 00007F20D92506C8h 0x0000003e pop ecx 0x0000003f mov dword ptr [esp+04h], ecx 0x00000043 add dword ptr [esp+04h], 0000001Ch 0x0000004b inc ecx 0x0000004c push ecx 0x0000004d ret 0x0000004e pop ecx 0x0000004f ret 0x00000050 nop 0x00000051 pushad 0x00000052 pushad 0x00000053 jmp 00007F20D92506CFh 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F2D5D second address: 9F2D87 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F20D8D0DA09h 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d pushad 0x0000000e jl 00007F20D8D0D9F6h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F5F62 second address: 9F5F68 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F5F68 second address: 9F5FF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ebx 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F20D8D0D9F8h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 mov dword ptr [ebp+122D1BD9h], ecx 0x00000029 mov dword ptr [ebp+122D351Eh], ebx 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push eax 0x00000034 call 00007F20D8D0D9F8h 0x00000039 pop eax 0x0000003a mov dword ptr [esp+04h], eax 0x0000003e add dword ptr [esp+04h], 0000001Dh 0x00000046 inc eax 0x00000047 push eax 0x00000048 ret 0x00000049 pop eax 0x0000004a ret 0x0000004b and di, 3BD4h 0x00000050 push 00000000h 0x00000052 mov edi, 0FA11684h 0x00000057 xchg eax, esi 0x00000058 push esi 0x00000059 push ebx 0x0000005a jmp 00007F20D8D0DA01h 0x0000005f pop ebx 0x00000060 pop esi 0x00000061 push eax 0x00000062 push eax 0x00000063 push edx 0x00000064 jns 00007F20D8D0D9FCh 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4EE2 second address: 9F4FA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F20D92506C8h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 0000001Ah 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 mov dword ptr [ebp+122D17DBh], ebx 0x0000002a push dword ptr fs:[00000000h] 0x00000031 xor di, 0276h 0x00000036 sbb bl, FFFFFF82h 0x00000039 mov dword ptr fs:[00000000h], esp 0x00000040 push 00000000h 0x00000042 push ecx 0x00000043 call 00007F20D92506C8h 0x00000048 pop ecx 0x00000049 mov dword ptr [esp+04h], ecx 0x0000004d add dword ptr [esp+04h], 0000001Ah 0x00000055 inc ecx 0x00000056 push ecx 0x00000057 ret 0x00000058 pop ecx 0x00000059 ret 0x0000005a add dword ptr [ebp+122D1B15h], edi 0x00000060 mov eax, dword ptr [ebp+122D103Dh] 0x00000066 call 00007F20D92506D2h 0x0000006b sbb di, AE2Dh 0x00000070 pop ebx 0x00000071 push FFFFFFFFh 0x00000073 jmp 00007F20D92506D7h 0x00000078 sub ebx, dword ptr [ebp+122D311Ch] 0x0000007e nop 0x0000007f pushad 0x00000080 push ebx 0x00000081 push eax 0x00000082 push edx 0x00000083 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4FA2 second address: 9F4FAB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4FAB second address: 9F4FAF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F4FAF second address: 9F4FCF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 jmp 00007F20D8D0DA03h 0x0000000e push eax 0x0000000f push edx 0x00000010 push edx 0x00000011 pop edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F6122 second address: 9F6126 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F6126 second address: 9F612A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9F6267 second address: 9F626B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDE9A second address: 9FDEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 jmp 00007F20D8D0DA01h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9FDEB0 second address: 9FDECE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F20D92506D7h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0BE46 second address: A0BE4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0BE4A second address: A0BE50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A0BE50 second address: A0BE54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A11DC8 second address: A11DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F20D92506C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A11DD2 second address: A11DE3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12300 second address: A12319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12319 second address: A1231D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1231D second address: A12328 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12328 second address: A1232E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1232E second address: A1234E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20D92506D7h 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12464 second address: A1246E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A125DC second address: A125EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506CAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A126FF second address: A12705 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12705 second address: A12718 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F20D92506CDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12718 second address: A1272C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FFh 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1272C second address: A12732 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12886 second address: A1289B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 ja 00007F20D8D0D9F6h 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f jne 00007F20D8D0D9F6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12E9D second address: A12EA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12EA1 second address: A12EAC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12EAC second address: A12EB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A12EB3 second address: A12EBA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E1E89 second address: 9E1EB2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 jnp 00007F20D92506DCh 0x0000000d popad 0x0000000e push eax 0x0000000f pushad 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E1EB2 second address: 9BF47E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jg 00007F20D8D0D9FCh 0x0000000b popad 0x0000000c nop 0x0000000d mov dword ptr [ebp+122D1F0Eh], ecx 0x00000013 mov dword ptr [ebp+122D2C50h], edi 0x00000019 lea eax, dword ptr [ebp+12487C00h] 0x0000001f sub ecx, 1E5970C5h 0x00000025 push eax 0x00000026 pushad 0x00000027 pushad 0x00000028 ja 00007F20D8D0D9F6h 0x0000002e push edi 0x0000002f pop edi 0x00000030 popad 0x00000031 push edi 0x00000032 jnc 00007F20D8D0D9F6h 0x00000038 pop edi 0x00000039 popad 0x0000003a mov dword ptr [esp], eax 0x0000003d mov ch, 43h 0x0000003f call dword ptr [ebp+122D1B9Ah] 0x00000045 pushad 0x00000046 pushad 0x00000047 push eax 0x00000048 push edx 0x00000049 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E26DE second address: 9E26E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E26E2 second address: 9E26E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E28D6 second address: 9E2903 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edi 0x0000000a push eax 0x0000000b pushad 0x0000000c je 00007F20D92506C8h 0x00000012 push eax 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 jbe 00007F20D92506C6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2A4E second address: 9E2A67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F20D8D0D9F6h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f pushad 0x00000010 pushad 0x00000011 jng 00007F20D8D0D9F6h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2DBF second address: 9E2E01 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 jg 00007F20D92506D1h 0x0000000e jmp 00007F20D92506CBh 0x00000013 nop 0x00000014 add di, BD20h 0x00000019 push 0000001Eh 0x0000001b push eax 0x0000001c mov dword ptr [ebp+12477D60h], edi 0x00000022 pop edi 0x00000023 nop 0x00000024 push eax 0x00000025 push edx 0x00000026 jmp 00007F20D92506D6h 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2E01 second address: 9E2E2C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F20D8D0DA04h 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F20D8D0D9FEh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2E2C second address: 9E2E42 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20D92506D2h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2F9F second address: 9E2FA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9E2FA3 second address: 9E2FCA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F20D92506D1h 0x0000000c jne 00007F20D92506C6h 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push ecx 0x00000016 pushad 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1688F second address: A16895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16895 second address: A16899 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16899 second address: A168A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a js 00007F20D8D0D9F6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16A3C second address: A16A40 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16EBE second address: A16EC4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16EC4 second address: A16ECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16ECA second address: A16ECF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16ECF second address: A16F09 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20D92506D6h 0x00000008 ja 00007F20D92506C6h 0x0000000e jmp 00007F20D92506D1h 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 popad 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a push edi 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16F09 second address: A16F14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16F14 second address: A16F1A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16F1A second address: A16F20 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16F20 second address: A16F26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A16F26 second address: A16F31 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A171F5 second address: A171F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A1FC8A second address: A1FC90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A263E4 second address: A263EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A263EC second address: A263F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A252A8 second address: A252D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F20D92506C6h 0x0000000a popad 0x0000000b jns 00007F20D92506CEh 0x00000011 jo 00007F20D92506C8h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a push esi 0x0000001b push eax 0x0000001c push edx 0x0000001d jp 00007F20D92506C6h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25557 second address: A2555D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2555D second address: A25563 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25563 second address: A25588 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D8D0DA0Dh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A256B4 second address: A256BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A256BC second address: A256C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A256C0 second address: A256F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jl 00007F20D92506EAh 0x00000011 push edx 0x00000012 jmp 00007F20D92506CCh 0x00000017 pop edx 0x00000018 push eax 0x00000019 push edx 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A256F1 second address: A256F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A259BB second address: A259C1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A259C1 second address: A259C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A259C5 second address: A259E3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D6h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25DFD second address: A25E05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A25E05 second address: A25E16 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506CCh 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2CC35 second address: A2CC43 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F20D8D0D9F8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2CC43 second address: A2CC4D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F20D92506C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 995B84 second address: 995B8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2C969 second address: A2C96F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2C96F second address: A2C99C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0DA02h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F20D8D0DA03h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2F673 second address: A2F677 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A2F677 second address: A2F67D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3643B second address: A3644F instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F20D92506CEh 0x00000010 pushad 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3644F second address: A36453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A36453 second address: A3646A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506CCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34D9F second address: A34DCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D8D0DA01h 0x00000009 popad 0x0000000a jmp 00007F20D8D0DA07h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34DCC second address: A34DD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34DD2 second address: A34DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34DD8 second address: A34DDC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A34DDC second address: A34DE6 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A35314 second address: A3531E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D92506C6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3572C second address: A35732 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A361F2 second address: A361F6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A393DE second address: A39405 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 jmp 00007F20D8D0DA03h 0x0000000e pushad 0x0000000f popad 0x00000010 pop edx 0x00000011 jp 00007F20D8D0D9F8h 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A39405 second address: A3940B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38B38 second address: A38B4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F20D8D0D9F6h 0x0000000a popad 0x0000000b pushad 0x0000000c jc 00007F20D8D0D9F6h 0x00000012 push edi 0x00000013 pop edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38B4E second address: A38B69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506D3h 0x00000009 popad 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38DF9 second address: A38E19 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F20D8D0D9FBh 0x00000008 pop esi 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F20D8D0D9FCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E19 second address: A38E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jne 00007F20D92506C8h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E30 second address: A38E34 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E34 second address: A38E52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D8h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E52 second address: A38E5E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F20D8D0D9F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E5E second address: A38E62 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A38E62 second address: A38E66 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A390F9 second address: A390FE instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A390FE second address: A39111 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F20D8D0D9F6h 0x0000000a pop edx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ecx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3C48D second address: A3C493 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA42 second address: A3CA46 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA46 second address: A3CA4C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA4C second address: A3CA5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F20D8D0D9FAh 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA5C second address: A3CA60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA60 second address: A3CA7A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jne 00007F20D8D0D9F6h 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA7A second address: A3CA80 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CA80 second address: A3CA85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CD15 second address: A3CD33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506D9h 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CD33 second address: A3CD39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CD39 second address: A3CD3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A3CD3D second address: A3CD6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F20D8D0D9FDh 0x00000011 jmp 00007F20D8D0DA09h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A434FD second address: A43524 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jo 00007F20D92506DFh 0x0000000e jmp 00007F20D92506D3h 0x00000013 js 00007F20D92506C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A43524 second address: A43539 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edx 0x0000000a push ecx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A439C5 second address: A439CC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A439CC second address: A439EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c jmp 00007F20D8D0DA01h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A439EF second address: A43A04 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F20D92506C6h 0x00000008 jne 00007F20D92506C6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A43CBD second address: A43CD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 push edx 0x00000007 pop edx 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F20D8D0D9FCh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44554 second address: A44560 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jg 00007F20D92506C6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44560 second address: A4458D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F20D8D0D9FBh 0x00000008 jmp 00007F20D8D0DA01h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 pushad 0x00000011 push eax 0x00000012 pop eax 0x00000013 jl 00007F20D8D0D9F6h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4484F second address: A4485C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 jg 00007F20D92506C6h 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44B5A second address: A44B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F20D8D0D9F6h 0x0000000a jmp 00007F20D8D0DA01h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44B7A second address: A44B7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A44E02 second address: A44E0C instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A450E5 second address: A450EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A450EB second address: A450F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F20D8D0D9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A450F5 second address: A450F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4943C second address: A49440 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A49440 second address: A4945C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F20D92506D4h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4945C second address: A49466 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F20D8D0D9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A49466 second address: A4946A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A495F0 second address: A4961B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F20D8D0DA06h 0x0000000d jmp 00007F20D8D0D9FDh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4961B second address: A4963F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D2h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop ebx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f jno 00007F20D92506C6h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A4963F second address: A49643 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A50210 second address: A50218 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A57F62 second address: A57F68 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A5619F second address: A561B1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jno 00007F20D92506CCh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A561B1 second address: A561BC instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jl 00007F20D8D0D9F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A561BC second address: A561CC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A561CC second address: A561D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A562EA second address: A562EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A568F3 second address: A568F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A56E88 second address: A56EB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506D2h 0x00000009 pop edx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pop edi 0x0000000e jmp 00007F20D92506D0h 0x00000013 popad 0x00000014 push esi 0x00000015 push eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A55D0E second address: A55D27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0DA05h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 9976E9 second address: 997702 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D92506D5h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 997702 second address: 99772C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F20D8D0DA06h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f jmp 00007F20D8D0D9FAh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A60292 second address: A602A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F20D92506D2h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A603CF second address: A603D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A60564 second address: A6056E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F20D92506C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A6BFD6 second address: A6BFDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A76D6A second address: A76D6E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A75BC3 second address: A75BC7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A75BC7 second address: A75BD9 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F20D92506C6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A75BD9 second address: A75BE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AAC1 second address: A7AAC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AAC5 second address: A7AAC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AAC9 second address: A7AAD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AAD1 second address: A7AAD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AAD7 second address: A7AADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7AADD second address: A7AAE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7EAC9 second address: A7EACD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7EACD second address: A7EAE2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F20D8D0D9FCh 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7EAE2 second address: A7EAED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A7EAED second address: A7EAF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F20D8D0D9F6h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A822C4 second address: A822C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8997A second address: A8997E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8997E second address: A89984 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A89984 second address: A899B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F20D8D0DA04h 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F20D8D0DA01h 0x00000015 popad 0x00000016 push ecx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A899B8 second address: A899BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A88486 second address: A88493 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A88493 second address: A88497 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A88497 second address: A884A1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A88BBD second address: A88BD9 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jl 00007F20D92506C8h 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 jg 00007F20D92506C6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A88BD9 second address: A88BE3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F20D8D0D9F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A8D140 second address: A8D14C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F20D92506C6h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A9096D second address: A90982 instructions: 0x00000000 rdtsc 0x00000002 je 00007F20D8D0D9F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b jo 00007F20D8D0DA06h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: A90982 second address: A90986 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D20 second address: AB5D36 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D8D0D9FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D36 second address: AB5D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D3D second address: AB5D4E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F20D8D0D9FBh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D4E second address: AB5D6C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20D92506C6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F20D92506CEh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D6C second address: AB5D7C instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push esi 0x0000000a pop esi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D7C second address: AB5D82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5D82 second address: AB5D88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB562D second address: AB5631 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5631 second address: AB5668 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F20D8D0DA00h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pushad 0x0000000e popad 0x0000000f jns 00007F20D8D0D9F6h 0x00000015 pop ecx 0x00000016 pushad 0x00000017 jmp 00007F20D8D0DA03h 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB5668 second address: AB566E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB566E second address: AB5693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F20D8D0D9F6h 0x0000000a popad 0x0000000b jmp 00007F20D8D0D9FBh 0x00000010 pushad 0x00000011 js 00007F20D8D0D9F6h 0x00000017 jbe 00007F20D8D0D9F6h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB57B7 second address: AB57BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB57BB second address: AB57BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB57BF second address: AB57CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB91BA second address: AB91D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F20D8D0D9F6h 0x0000000a popad 0x0000000b push ebx 0x0000000c push eax 0x0000000d pop eax 0x0000000e pushad 0x0000000f popad 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB8C46 second address: AB8C68 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F20D92506D2h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnl 00007F20D92506DAh 0x00000010 push eax 0x00000011 push edx 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB8C68 second address: AB8C6C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABD15D second address: ABD184 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F20D92506D3h 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d jbe 00007F20D92506C6h 0x00000013 jns 00007F20D92506C6h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABD184 second address: ABD19E instructions: 0x00000000 rdtsc 0x00000002 jc 00007F20D8D0D9F6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 pushad 0x00000012 popad 0x00000013 jp 00007F20D8D0D9F6h 0x00000019 pop eax 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC1531 second address: AC1579 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F20D92506D2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jno 00007F20D92506C6h 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F20D92506CDh 0x00000017 jmp 00007F20D92506D5h 0x0000001c popad 0x0000001d pop ecx 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AC1579 second address: AC1583 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F20D8D0D9F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABA2EB second address: ABA30E instructions: 0x00000000 rdtsc 0x00000002 jne 00007F20D92506C6h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F20D92506D5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABA30E second address: ABA312 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB8F27 second address: AB8F2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB8F2D second address: AB8F36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: AB8F36 second address: AB8F40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F20D92506C6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABA137 second address: ABA175 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F20D8D0D9F6h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F20D8D0DA07h 0x00000011 push edi 0x00000012 jmp 00007F20D8D0DA08h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: ABA175 second address: ABA18F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push esi 0x00000006 pushad 0x00000007 popad 0x00000008 pop esi 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d jmp 00007F20D92506CAh 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 rdtsc
Tries to evade debugger and weak emulator (self modifying code)
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 82DA92 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 82D9D7 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 82B606 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: A61F2A instructions caused by: Self-modifying code
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E40000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 5100000 memory reserve | memory write watch Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: 7100000 memory reserve | memory write watch Jump to behavior
Contains capabilities to detect virtual machines
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion Jump to behavior
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A03011 rdtsc 0_2_00A03011
Contains functionality to detect virtual machines (SIDT)
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_009BE17F sidt fword ptr [esp-02h] 0_2_009BE17F
Contains long sleeps (>= 3 min)
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Users\user\Desktop\file.exe TID: 3288 Thread sleep time: -922337203685477s >= -30000s Jump to behavior
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A07EF4 GetSystemInfo,VirtualAlloc, 0_2_00A07EF4
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477 Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1804547252.00000000009B0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1804547252.00000000009B0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation Jump to behavior

Anti Debugging
barindex
Hides threads from debuggers
Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger Jump to behavior
Tries to detect sandboxes and other dynamic analysis tools (window names)
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Checks for debuggers (devices)
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Checks if the current process is being debugged
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A03011 rdtsc 0_2_00A03011
Enables debug privileges
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug Jump to behavior
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard Jump to behavior
Source: file.exe, file.exe, 00000000.00000002.1804547252.00000000009B0000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: &$Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00A039A9 GetSystemTime,GetFileTime, 0_2_00A039A9

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Disable Windows Defender notifications (registry)
Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1 Jump to behavior
Disable Windows Defender real time protection (registry)
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1 Jump to behavior
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1 Jump to behavior
Disables Windows Defender Tamper protection
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0 Jump to behavior
Modifies windows update settings
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates Jump to behavior
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1532434 Sample: file.exe Startdate: 13/10/2024 Architecture: WINDOWS Score: 100 11 Antivirus / Scanner detection for submitted sample 2->11 13 Machine Learning detection for sample 2->13 15 PE file contains section with special chars 2->15 17 AI detected suspicious sample 2->17 5 file.exe 9 1 2->5         started        process3 file4 9 C:\Users\user\AppData\Local\...\file.exe.log, CSV 5->9 dropped 19 Detected unpacking (changes PE section rights) 5->19 21 Tries to detect sandboxes and other dynamic analysis tools (window names) 5->21 23 Modifies windows update settings 5->23 25 8 other signatures 5->25 signatures5
No contacted IP infos