Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1532538
MD5: e8ec2cd0994666ebace945d5774b8fdd
SHA1: d46d96bef76101573e704f11884cc83563a5a7bf
SHA256: 454c1d3fd87f5a257ca5e36d590fa9755e0ae329477ec749418347511572418a
Tags: exe, user-Bitsight

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Detected unpacking (changes PE section rights)
AI detected suspicious sample
Disable Windows Defender notifications (registry)
Disable Windows Defender real time protection (registry)
Disables Windows Defender Tamper protection
Hides threads from debuggers
Machine Learning detection for sample
Modifies windows update settings
PE file contains section with special chars
Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)
Tries to detect sandboxes / dynamic malware analysis system (registry check)
Tries to detect sandboxes and other dynamic analysis tools (window names)
Tries to detect virtualization through RDTSC time measurements
Tries to evade debugger and weak emulator (self modifying code)
Allocates memory with a write watch (potentially for evading sandboxes)
Checks for debuggers (devices)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Detected potential crypto function
Enables debug privileges
Entry point lies outside standard sections
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains an invalid checksum
PE file contains sections with non-standard names
Sample file is different than original file name gathered from version info
Tries to resolve domain names, but no domain seems valid (expired dropper behavior)
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)

Classification

AV Detection

Source: file.exe Avira: detected
Source: Submitted Sample Integrated Neural Analysis Model: Matched 100.0% probability
Source: file.exe Joe Sandbox ML: detected
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00511AD0 CryptVerifySignatureA, 0_2_00511AD0
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2187814691.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmp
Source: unknown DNS traffic detected: query: 18.31.95.13.in-addr.arpa replaycode: Name error (3)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic DNS traffic detected: DNS query: 18.31.95.13.in-addr.arpa

System Summary

Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00430D6E 0_2_00430D6E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00382D03 0_2_00382D03
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00404D01 0_2_00404D01
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00368D78 0_2_00368D78
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00420D16 0_2_00420D16
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004A4D1C 0_2_004A4D1C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00410D3D 0_2_00410D3D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00482DD8 0_2_00482DD8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00442DD5 0_2_00442DD5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003C8DA7 0_2_003C8DA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00460DDD 0_2_00460DDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038ADA6 0_2_0038ADA6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0034AD95 0_2_0034AD95
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045EDF5 0_2_0045EDF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0036AD85 0_2_0036AD85
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00468D86 0_2_00468D86
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0042CD92 0_2_0042CD92
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00462D97 0_2_00462D97
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FADEA 0_2_003FADEA
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0040ADAC 0_2_0040ADAC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045CDA9 0_2_0045CDA9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D8DD0 0_2_003D8DD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048CDB6 0_2_0048CDB6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00484E48 0_2_00484E48
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00360E37 0_2_00360E37
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0034CE30 0_2_0034CE30
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00464E5F 0_2_00464E5F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003ECE19 0_2_003ECE19
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0035CE1D 0_2_0035CE1D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00450E70 0_2_00450E70
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003B4E7B 0_2_003B4E7B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045AE07 0_2_0045AE07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003BCE5E 0_2_003BCE5E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00454E32 0_2_00454E32
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0046AEC6 0_2_0046AEC6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00446ED4 0_2_00446ED4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00416EDF 0_2_00416EDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041AEDF 0_2_0041AEDF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003F0E9F 0_2_003F0E9F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00402EFF 0_2_00402EFF
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003BEEF2 0_2_003BEEF2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00390EEB 0_2_00390EEB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004AEE9E 0_2_004AEE9E
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0049AE91 0_2_0049AE91
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00422EA7 0_2_00422EA7
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003C6EC9 0_2_003C6EC9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00460F42 0_2_00460F42
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003C0F39 0_2_003C0F39
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045CF57 0_2_0045CF57
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003B0F2D 0_2_003B0F2D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003CCF18 0_2_003CCF18
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003B2F0F 0_2_003B2F0F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FCF0A 0_2_003FCF0A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00472F07 0_2_00472F07
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00454F10 0_2_00454F10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00498F10 0_2_00498F10
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044AF1F 0_2_0044AF1F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0042AFCB 0_2_0042AFCB
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00350FB9 0_2_00350FB9
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00436FCD 0_2_00436FCD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00360FA4 0_2_00360FA4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A2FAE 0_2_003A2FAE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00476FD0 0_2_00476FD0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00400FE8 0_2_00400FE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039CF92 0_2_0039CF92
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00428FFC 0_2_00428FFC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0034EFF5 0_2_0034EFF5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00346FE0 0_2_00346FE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DAFE8 0_2_003DAFE8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00364FE0 0_2_00364FE0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EAFDD 0_2_003EAFDD
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E9038 0_2_003E9038
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003C5028 0_2_003C5028
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043106C 0_2_0043106C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00397008 0_2_00397008
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003D5008 0_2_003D5008
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048700B 0_2_0048700B
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039507D 0_2_0039507D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00439009 0_2_00439009
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003BF060 0_2_003BF060
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003DD061 0_2_003DD061
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044D026 0_2_0044D026
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038505D 0_2_0038505D
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00433031 0_2_00433031
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038F04C 0_2_0038F04C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004070C8 0_2_004070C8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A70B6 0_2_003A70B6
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041F0CC 0_2_0041F0CC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E10AE 0_2_003E10AE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A10A8 0_2_003A10A8
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A90A2 0_2_003A90A2
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004830D0 0_2_004830D0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_004950D5 0_2_004950D5
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003FF0A0 0_2_003FF0A0
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003C3094 0_2_003C3094
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003AD0F4 0_2_003AD0F4
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048B099 0_2_0048B099
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00373123 0_2_00373123
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003E512A 0_2_003E512A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0041D169 0_2_0041D169
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003B7112 0_2_003B7112
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0039F10F 0_2_0039F10F
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0036B176 0_2_0036B176
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00419116 0_2_00419116
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043511A 0_2_0043511A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00347156 0_2_00347156
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0048F13A 0_2_0048F13A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0038714C 0_2_0038714C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003A5143 0_2_003A5143
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0043B13A 0_2_0043B13A
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0045313C 0_2_0045313C
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003EF1BE 0_2_003EF1BE
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0044D1DC 0_2_0044D1DC
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_003771AD 0_2_003771AD
Source: C:\Users\user\Desktop\file.exe Code function: String function: 0050CAC5 appears 35 times
Source: file.exe, 00000000.00000000.2177670009.0000000000336000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe, 00000000.00000002.2321890911.0000000000D4E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs file.exe
Source: file.exe Binary or memory string: OriginalFilenamedefOff.exe. vs file.exe
Source: file.exe Static PE information: Section: dsenwoqe ZLIB complexity 0.9947670555227407
Source: classification engine Classification label: mal100.evad.winEXE@1/1@1/0
Source: C:\Users\user\Desktop\file.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\file.exe.log
Source: C:\Users\user\Desktop\file.exe Mutant created: NULL
Source: C:\Users\user\Desktop\file.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: file.exe String found in binary or memory: 3The file %s is missing. Please, re-install this application
Source: file.exe String found in binary or memory: 3Cannot find '%s'. Please, re-install this application
Source: C:\Users\user\Desktop\file.exe Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: winmm.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: wldp.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: version.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Users\user\Desktop\file.exe Section loaded: sspicli.dll
Source: file.exe Static file information: File size 1758720 > 1048576
Source: file.exe Static PE information: Raw size of dsenwoqe is bigger than: 0x100000 < 0x1a7400
Source: Binary string: E:\defOff\defOff\defOff\obj\Release\defOff.pdb source: file.exe, 00000000.00000003.2187814691.0000000004AC0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2320979623.0000000000332000.00000040.00000001.01000000.00000003.sdmp

Data Obfuscation

Source: C:\Users\user\Desktop\file.exe Unpacked PE file: 0.2.file.exe.330000.0.unpack :EW;.rsrc:W;.idata :W; :EW;dsenwoqe:EW;leuuuzyv:EW;.taggant:EW; vs :ER;.rsrc:W;
Source: initial sample Static PE information: section where entry point is pointing to: .taggant
Source: file.exe Static PE information: real checksum: 0x1b5d95 should be: 0x1aeb6e
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: .idata
Source: file.exe Static PE information: section name:
Source: file.exe Static PE information: section name: dsenwoqe
Source: file.exe Static PE information: section name: leuuuzyv
Source: file.exe Static PE information: section name: .taggant
Source: file.exe Static PE information: section name: entropy: 7.789485049829895
Source: file.exe Static PE information: section name: dsenwoqe entropy: 7.953509163753791

Boot Survival

Source: C:\Users\user\Desktop\file.exe Window searched: window name: FilemonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: PROCMON_WINDOW_CLASS
Source: C:\Users\user\Desktop\file.exe Window searched: window name: RegmonClass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Regmonclass
Source: C:\Users\user\Desktop\file.exe Window searched: window name: Filemonclass
Source: C:\Users\user\Desktop\file.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe File opened: HKEY_CURRENT_USER\Software\Wine
Source: C:\Users\user\Desktop\file.exe File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB193 second address: 4DB197 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB197 second address: 4DB1B7 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007FA958DB0DE7h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB1B7 second address: 4DB1BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB1BE second address: 4DB1DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 jmp 00007FA958DB0DE9h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB32A second address: 4DB349 instructions: 0x00000000 rdtsc 0x00000002 jg 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jne 00007FA958BE8078h 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 pushad 0x00000015 popad 0x00000016 jo 00007FA958BE8076h 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB8BA second address: 4DB8C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 pushad 0x00000007 popad 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB8C5 second address: 4DB8CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB9F5 second address: 4DB9FB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DB9FB second address: 4DBA18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007FA958BE807Ch 0x0000000b jnc 00007FA958BE8076h 0x00000011 pop ecx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DBA18 second address: 4DBA1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DBA1C second address: 4DBA26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DBCB8 second address: 4DBCC8 instructions: 0x00000000 rdtsc 0x00000002 ja 00007FA958DB0DD6h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DBCC8 second address: 4DBCCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4D124C second address: 4D1261 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958DB0DE0h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DC606 second address: 4DC60A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE494 second address: 4DE499 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE499 second address: 4DE4BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 jmp 00007FA958BE8084h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007FA958BE8076h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE4BE second address: 4DE4D9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958DB0DD6h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jmp 00007FA958DB0DDBh 0x00000012 push edi 0x00000013 pop edi 0x00000014 pop ecx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE4D9 second address: 4DE4E1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4DE4E1 second address: 4DE50F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jc 00007FA958DB0DD6h 0x00000011 jmp 00007FA958DB0DDEh 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E1405 second address: 4E1423 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8085h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E1423 second address: 4E1429 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E1429 second address: 4E1444 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d jmp 00007FA958BE807Bh 0x00000012 pushad 0x00000013 popad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E03F9 second address: 4E041C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 pushad 0x00000008 push ecx 0x00000009 jmp 00007FA958DB0DE5h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 push esi 0x00000012 pop esi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4AB511 second address: 4AB517 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8BE9 second address: 4E8BED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8BED second address: 4E8BF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8BF1 second address: 4E8C17 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edi 0x00000008 pop edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop eax 0x0000000c jmp 00007FA958DB0DDFh 0x00000011 popad 0x00000012 js 00007FA958DB0DEAh 0x00000018 push eax 0x00000019 push edx 0x0000001a push esi 0x0000001b pop esi 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8C17 second address: 4E8C1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8DBD second address: 4E8DC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8DC1 second address: 4E8DD3 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007FA958BE8076h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8DD3 second address: 4E8DD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4E8DD7 second address: 4E8DE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB78A second address: 4EB790 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EB823 second address: 4EB827 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBBF4 second address: 4EBBF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBBF8 second address: 4EBBFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBBFE second address: 4EBC03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBCB7 second address: 4EBCBB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBCBB second address: 4EBCC1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBCC1 second address: 4EBCEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jc 00007FA958BE8076h 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 jmp 00007FA958BE8089h 0x00000015 pop edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EBE7A second address: 4EBE84 instructions: 0x00000000 rdtsc 0x00000002 jng 00007FA958DB0DDCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC30C second address: 4EC310 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC310 second address: 4EC316 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC316 second address: 4EC31C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC31C second address: 4EC3BB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e and di, E829h 0x00000013 push 00000000h 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007FA958DB0DD8h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f jmp 00007FA958DB0DE2h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push edi 0x00000039 call 00007FA958DB0DD8h 0x0000003e pop edi 0x0000003f mov dword ptr [esp+04h], edi 0x00000043 add dword ptr [esp+04h], 00000019h 0x0000004b inc edi 0x0000004c push edi 0x0000004d ret 0x0000004e pop edi 0x0000004f ret 0x00000050 movsx edi, cx 0x00000053 xchg eax, ebx 0x00000054 jmp 00007FA958DB0DDEh 0x00000059 push eax 0x0000005a push eax 0x0000005b push edx 0x0000005c jmp 00007FA958DB0DE4h 0x00000061 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EC3BB second address: 4EC3D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE8082h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4ECDAB second address: 4ECDB3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4ECC78 second address: 4ECC7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4ECDB3 second address: 4ECE00 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 push eax 0x00000007 jmp 00007FA958DB0DDBh 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007FA958DB0DD8h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000017h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 mov esi, eax 0x00000029 push 00000000h 0x0000002b mov edi, 6CB6186Eh 0x00000030 push 00000000h 0x00000032 mov edi, dword ptr [ebp+1247B1E2h] 0x00000038 push eax 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c jnl 00007FA958DB0DD6h 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4ECC7C second address: 4ECCAB instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jns 00007FA958BE8089h 0x0000000c jmp 00007FA958BE8083h 0x00000011 popad 0x00000012 push eax 0x00000013 je 00007FA958BE8084h 0x00000019 push eax 0x0000001a push edx 0x0000001b jnl 00007FA958BE8076h 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4ECE00 second address: 4ECE0F instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958DB0DD6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push edx 0x0000000c pop edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF4D0 second address: 4EF4D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EF4D4 second address: 4EF4E5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EFFD1 second address: 4EFFEE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EFFEE second address: 4F001A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007FA958DB0DDCh 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e jmp 00007FA958DB0DE5h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F0A96 second address: 4F0AF1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push esi 0x0000000d call 00007FA958BE8078h 0x00000012 pop esi 0x00000013 mov dword ptr [esp+04h], esi 0x00000017 add dword ptr [esp+04h], 00000016h 0x0000001f inc esi 0x00000020 push esi 0x00000021 ret 0x00000022 pop esi 0x00000023 ret 0x00000024 movzx edi, ax 0x00000027 push 00000000h 0x00000029 push ebx 0x0000002a movzx edi, cx 0x0000002d pop esi 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007FA958BE8078h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 0000001Ah 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a push eax 0x0000004b push edi 0x0000004c push esi 0x0000004d push eax 0x0000004e push edx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EFD3E second address: 4EFD4B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EFD4B second address: 4EFD4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4EFD4F second address: 4EFD53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6977 second address: 4F697B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F9992 second address: 4F99AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007FA958DB0DE1h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F99AA second address: 4F99C4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA958BE8080h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F1287 second address: 4F128D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F5B3C second address: 4F5B40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B16 second address: 4F6B27 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DDDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8D05 second address: 4F8D0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F9C64 second address: 4F9C6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F128D second address: 4F1291 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FAA6A second address: 4FAA6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B27 second address: 4F6B2D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F8D0A second address: 4F8D1F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a ja 00007FA958DB0DD8h 0x00000010 push eax 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F9C6D second address: 4F9C71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FAA6E second address: 4FAA72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F5BFD second address: 4F5C01 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B2D second address: 4F6B31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F9C71 second address: 4F9C75 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FAA72 second address: 4FAA78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B31 second address: 4F6B35 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FAA78 second address: 4FAA7D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B35 second address: 4F6B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push esi 0x0000000b jc 00007FA958BE8076h 0x00000011 pop esi 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6B4B second address: 4F6B4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6C3D second address: 4F6C47 instructions: 0x00000000 rdtsc 0x00000002 je 00007FA958BE807Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4F6C47 second address: 4F6C5C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007FA958DB0DE2h 0x0000000d js 00007FA958DB0DDCh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FDA4F second address: 4FDACF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jne 00007FA958BE8076h 0x00000010 pop edi 0x00000011 popad 0x00000012 nop 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007FA958BE8078h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000015h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d pushad 0x0000002e pushad 0x0000002f call 00007FA958BE8086h 0x00000034 pop ecx 0x00000035 mov bx, dx 0x00000038 popad 0x00000039 popad 0x0000003a push 00000000h 0x0000003c mov dword ptr [ebp+122D1CEAh], edi 0x00000042 push 00000000h 0x00000044 or dword ptr [ebp+12463949h], esi 0x0000004a xchg eax, esi 0x0000004b jmp 00007FA958BE807Ah 0x00000050 push eax 0x00000051 push eax 0x00000052 push edx 0x00000053 jne 00007FA958BE8078h 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4FEAF0 second address: 4FEB23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007FA958DB0DD6h 0x0000000a popad 0x0000000b jbe 00007FA958DB0DEDh 0x00000011 jmp 00007FA958DB0DE7h 0x00000016 popad 0x00000017 push eax 0x00000018 push ecx 0x00000019 jp 00007FA958DB0DDCh 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500C1B second address: 500C52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8087h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007FA958BE8083h 0x00000011 jnc 00007FA958BE8076h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500C52 second address: 500C66 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007FA958DB0DD8h 0x0000000c push eax 0x0000000d push edx 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 500C66 second address: 500C6A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 501291 second address: 501295 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 501295 second address: 50129C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 50129C second address: 5012A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 557CE3 second address: 557CE9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5593BB second address: 5593CA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958DB0DDAh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5593CA second address: 5593D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5596A5 second address: 5596A9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5596A9 second address: 5596B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jns 00007FA958BE8078h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5596B9 second address: 5596C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007FA958DB0DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CA22 second address: 55CA5E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE807Eh 0x00000007 jmp 00007FA958BE8087h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007FA958BE8083h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CA5E second address: 55CA64 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CA64 second address: 55CA68 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CA68 second address: 55CA7D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007FA958DB0DDBh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CBE4 second address: 55CC06 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007FA958BE8088h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55CD4F second address: 55CD53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D038 second address: 55D043 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D043 second address: 55D04E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007FA958DB0DD6h 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D5E4 second address: 55D5ED instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D5ED second address: 55D5F1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 55D5F1 second address: 55D5F9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56246C second address: 562476 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007FA958DB0DD6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562476 second address: 562485 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007FA958BE8076h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 562485 second address: 56248B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569C78 second address: 569C7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569C7E second address: 569C98 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569C98 second address: 569CC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8087h 0x00000009 popad 0x0000000a popad 0x0000000b jp 00007FA958BE8098h 0x00000011 push eax 0x00000012 push edx 0x00000013 jc 00007FA958BE8076h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569CC5 second address: 569CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569E3D second address: 569E43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569E43 second address: 569E4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007FA958DB0DD6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 569E4E second address: 569E53 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A761 second address: 56A765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A765 second address: 56A76B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A76B second address: 56A775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A775 second address: 56A779 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A779 second address: 56A788 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007FA958DB0DD6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A788 second address: 56A78E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A8A9 second address: 56A8DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958DB0DE3h 0x00000009 jmp 00007FA958DB0DDBh 0x0000000e popad 0x0000000f pushad 0x00000010 jo 00007FA958DB0DD6h 0x00000016 push edi 0x00000017 pop edi 0x00000018 popad 0x00000019 pushad 0x0000001a pushad 0x0000001b popad 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A8DB second address: 56A918 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 jp 00007FA958BE807Ah 0x0000000d popad 0x0000000e pushad 0x0000000f jmp 00007FA958BE8082h 0x00000014 jg 00007FA958BE8084h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56A918 second address: 56A91C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5697E4 second address: 5697E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E198 second address: 56E19E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 56E19E second address: 56E1A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B3817 second address: 4B383C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE5h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f jnp 00007FA958DB0DD6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B383C second address: 4B3859 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8089h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B3859 second address: 4B385F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 4B385F second address: 4B387E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 jmp 00007FA958BE8081h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b js 00007FA958BE807Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573E3B second address: 573E4F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958DB0DE0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573E4F second address: 573E53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573E53 second address: 573E59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 573FEF second address: 574003 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 je 00007FA958BE8076h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jnc 00007FA958BE8076h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 574003 second address: 574007 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 574141 second address: 57414B instructions: 0x00000000 rdtsc 0x00000002 js 00007FA958BE8076h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 582B7D second address: 582B8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ebx 0x00000007 pop ebx 0x00000008 jno 00007FA958DB0DD6h 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5824BD second address: 5824C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5824C3 second address: 5824CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5824CA second address: 582505 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007FA958BE807Ah 0x00000008 jns 00007FA958BE8076h 0x0000000e popad 0x0000000f push eax 0x00000010 jmp 00007FA958BE807Bh 0x00000015 pop eax 0x00000016 pop edx 0x00000017 pop eax 0x00000018 push eax 0x00000019 push edx 0x0000001a jnl 00007FA958BE8082h 0x00000020 push edi 0x00000021 push eax 0x00000022 pop eax 0x00000023 pop edi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 582505 second address: 582521 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007FA958DB0DE6h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 582521 second address: 582533 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007FA958BE8076h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jne 00007FA958BE8076h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 582698 second address: 5826C0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE5h 0x00000007 jmp 00007FA958DB0DDFh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5826C0 second address: 5826C5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 58A66D second address: 58A671 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59093D second address: 59095F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007FA958BE8088h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5944A9 second address: 5944AF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5944AF second address: 5944BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5944BC second address: 5944DC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE4h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 js 00007FA958DB0DDCh 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5944DC second address: 5944E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5944E0 second address: 5944E5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59CEFC second address: 59CF02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D05D second address: 59D065 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D1A3 second address: 59D1A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D1A7 second address: 59D1BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnp 00007FA958DB0DD6h 0x0000000d je 00007FA958DB0DD6h 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D1BB second address: 59D1CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007FA958BE807Ch 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D367 second address: 59D36B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D36B second address: 59D37D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE807Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59D37D second address: 59D382 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59DF6D second address: 59DF71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59DF71 second address: 59DF9F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007FA958DB0DE3h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 59DF9F second address: 59DFA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5A3E4C second address: 5A3E52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AED24 second address: 5AED36 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jg 00007FA958BE807Ah 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5AED36 second address: 5AED3C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BCB4D second address: 5BCB53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BE676 second address: 5BE67C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BE67C second address: 5BE682 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BE682 second address: 5BE698 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958DB0DE1h 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5BE698 second address: 5BE69E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C5E9B second address: 5C5EA8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c pop eax 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C5EA8 second address: 5C5EAC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C6313 second address: 5C6319 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C6319 second address: 5C6337 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007FA958BE8089h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C6337 second address: 5C633C instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C633C second address: 5C6353 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 pushad 0x00000009 jp 00007FA958BE8076h 0x0000000f jbe 00007FA958BE8076h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C65BF second address: 5C65CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push ecx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ecx 0x0000000b popad 0x0000000c push esi 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C65CF second address: 5C65DF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 js 00007FA958BE8076h 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C9E4A second address: 5C9E80 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 jmp 00007FA958DB0DE8h 0x0000000b push eax 0x0000000c pop eax 0x0000000d pop esi 0x0000000e pushad 0x0000000f jmp 00007FA958DB0DE2h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5C990B second address: 5C9914 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 push esi 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CDE6C second address: 5CDE70 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CDE70 second address: 5CDE76 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CDE76 second address: 5CDE9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jc 00007FA958DB0DF4h 0x0000000c jmp 00007FA958DB0DE8h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D352B second address: 5D3561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 jmp 00007FA958BE8087h 0x0000000a pop ebx 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007FA958BE8085h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D3639 second address: 5D363D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5D4FFF second address: 5D502A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jmp 00007FA958BE807Fh 0x0000000b push edx 0x0000000c pop edx 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 jc 00007FA958BE8076h 0x00000017 jnc 00007FA958BE8076h 0x0000001d pop eax 0x0000001e pushad 0x0000001f push eax 0x00000020 push edx 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CAD63 second address: 5CAD86 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jc 00007FA958DB0DD6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007FA958DB0DE5h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe RDTSC instruction interceptor: First address: 5CAD86 second address: 5CAD9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007FA958BE8081h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 33D8BD instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 33DA07 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Special instruction interceptor: First address: 33B08A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4CE0000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 4E70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Memory allocated: 6E70000 memory reserve | memory write watch
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion
Source: C:\Users\user\Desktop\file.exe Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0033E070 rdtsc 0_2_0033E070
Source: C:\Users\user\Desktop\file.exe Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\file.exe TID: 7136 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0051A6E3 GetSystemInfo,VirtualAlloc, 0_2_0051A6E3
Source: file.exe, file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: C:\Users\user\Desktop\file.exe System information queried: ModuleInformation
Source: C:\Users\user\Desktop\file.exe Process information queried: ProcessInformation

Anti Debugging

Source: C:\Users\user\Desktop\file.exe Thread information set: HideFromDebugger
Source: C:\Users\user\Desktop\file.exe Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe Open window title or class name: file monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe File opened: NTICE
Source: C:\Users\user\Desktop\file.exe File opened: SICE
Source: C:\Users\user\Desktop\file.exe File opened: SIWVID
Source: C:\Users\user\Desktop\file.exe Process queried: DebugPort
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0033E070 rdtsc 0_2_0033E070
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_0033B7FC LdrInitializeThunk, 0_2_0033B7FC
Source: C:\Users\user\Desktop\file.exe Process token adjusted: Debug
Source: C:\Users\user\Desktop\file.exe Memory allocated: page read and write | page guard
Source: file.exe, 00000000.00000002.2321072608.00000000004C3000.00000040.00000001.01000000.00000003.sdmp Binary or memory string: 'Program Manager
Source: file.exe Binary or memory string: h'Program Manager
Source: C:\Users\user\Desktop\file.exe Code function: 0_2_00510C12 GetSystemTime,GetFileTime, 0_2_00510C12

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Users\user\Desktop\file.exe Registry key value created / modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications DisableNotifications 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableIOAVProtection 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection Registry value created: DisableRealtimeMonitoring 1
Source: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender Security Center\Notifications Registry value created: DisableNotifications 1
Source: C:\Users\user\Desktop\file.exe Registry value created: TamperProtection 0
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AUOptions
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU AutoInstallMinorUpdates
Source: C:\Users\user\Desktop\file.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate DoNotConnectToWindowsUpdateInternetLocations
No contacted IP infos